Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

OpenSSL Out-of-bounds Read Vulnerability (CVE-2004-0112)

Description

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

Remediation

References

Related Vulnerabilities

WordPress Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2007-6013)

Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2011-4907)

IBM WebSEAL Session Fixation Vulnerability (CVE-2018-1804)

PostgreSQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2005-0247)

SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-0974)

Severity

Medium

Classification

CVE-2004-0112 CWE-125

Tags

Missing Update Known Vulnerabilities