CVE-2005-2969

Source
https://nvd.nist.gov/vuln/detail/CVE-2005-2969
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2005-2969.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2005-2969
Downstream
Published
2005-10-18T21:02:00Z
Modified
2025-08-09T20:01:26Z
Summary
[none]
Details

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.

References

Affected packages