The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
2005-10-18T21:02:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:P/A:N
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | openssl | openssl | 0.9.7 | Yes |
| Application | openssl | openssl | 0.9.7a | Yes |
| Application | openssl | openssl | 0.9.7b | Yes |
| Application | openssl | openssl | 0.9.7c | Yes |
| Application | openssl | openssl | 0.9.7d | Yes |
| Application | openssl | openssl | 0.9.7e | Yes |
| Application | openssl | openssl | 0.9.7f | Yes |
| Application | openssl | openssl | 0.9.7g | Yes |
| Application | openssl | openssl | 0.9.8 | Yes |