RSA BSAFE SSL-J验证绕过漏洞

漏洞信息详情

RSA BSAFE SSL-J验证绕过漏洞

• CNNVD编号：CNNVD-200109-041
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2001-1105
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2001-09-12
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  cisco
• 漏洞来源：
  Published in a Cis…

RSA BSAFE SSL-J 3.0， 3.0.1和3.1版本当用于Cisco iCND 2.0版本中时可以从失败的登录尝试缓存会话ID，远程攻击者可以通过初步失败后的登录绕过SSL客户验证和获取对敏感数据的访问。

RSA BSAFE SSL-J customers with active maintenance agreements and who currently use an affected version of RSA BSAFE SSL-J are recommended to upgrade to the latest release version of RSA BSAFE SSL-J. Additional information may be found at:
http://www.rsasecurity.com/support/bsafe/index.html
This issue is known to affect version 2.0 of Cisco’s iCDN, and has been fixed in version 2.0.1.

来源: XF
名称: bsafe-ssl-bypass-authentication(7112)
链接:http://xforce.iss.net/static/7112.php

来源: BID
名称: 3329
链接:http://www.securityfocus.com/bid/3329

来源: CIAC
名称: L-141
链接:http://www.ciac.org/ciac/bulletins/l-141.shtml

来源: www.rsasecurity.com
链接:http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html

来源: CISCO
名称: 20010912 Vulnerable SSL Implementation in iCDN
链接:http://www.cisco.com/warp/public/707/SSL-J-pub.html