Details of VAR-200109-0135

ID

VAR-200109-0135

CVE

CVE-2001-1105

TITLE

RSA BSAFE SSL-J Verification bypass vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200109-041

DESCRIPTION

RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure. A vulnerability exists in several versions of RSA's SSL-J Software Development Kit (SDK) that can enable an attacker to bypass SSL client authentication. Under certain conditions, if an error occurs during the SSL client-server handshake, the SSL session key may be stored in a cache rather than being discarded. Once cached, this session key can be used by an attacker to cause a server to skip the full client authentication scheme, using a much shorter one. This effectively allows the attacker to fully bypass the client authentication. On systems that rely solely on the authentication mechanism provided by SSL, this could enable an attacker to perform unauthorized actions. Additional technical details are forthcoming

Trust: 1.35

sources: NVD: CVE-2001-1105 // BID: 3329 // VULHUB: VHN-3910 // VULMON: CVE-2001-1105

AFFECTED PRODUCTS

vendor:	cisco	model:	icdn	scope:	eq	version:	2.0	Trust: 1.9
vendor:	dell	model:	bsafe ssl-j	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	dell	model:	bsafe ssl-j	scope:	eq	version:	3.0	Trust: 1.0
vendor:	dell	model:	bsafe ssl-j	scope:	eq	version:	3.1	Trust: 1.0
vendor:	rsa	model:	bsafe ssl-j sdk	scope:	eq	version:	3.1	Trust: 0.3
vendor:	rsa	model:	bsafe ssl-j sdk	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	rsa	model:	bsafe ssl-j sdk	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	icdn	scope:	ne	version:	2.0.1	Trust: 0.3

sources: BID: 3329 // CNNVD: CNNVD-200109-041 // NVD: CVE-2001-1105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1105
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200109-041
value:	HIGH
Trust: 0.6
VULHUB:	VHN-3910
value:	HIGH
Trust: 0.1
VULMON:	CVE-2001-1105
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-1105
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-3910
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-3910 // VULMON: CVE-2001-1105 // CNNVD: CNNVD-200109-041 // NVD: CVE-2001-1105

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1105

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200109-041

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200109-041

EXTERNAL IDS

db:	NVD	id:	CVE-2001-1105	Trust: 2.1
db:	BID	id:	3329	Trust: 2.1
db:	CNNVD	id:	CNNVD-200109-041	Trust: 0.7
db:	XF	id:	7112	Trust: 0.6
db:	CISCO	id:	20010912 VULNERABLE SSL IMPLEMENTATION IN ICDN	Trust: 0.6
db:	CIAC	id:	L-141	Trust: 0.6
db:	VULHUB	id:	VHN-3910	Trust: 0.1
db:	VULMON	id:	CVE-2001-1105	Trust: 0.1

sources: VULHUB: VHN-3910 // VULMON: CVE-2001-1105 // BID: 3329 // CNNVD: CNNVD-200109-041 // NVD: CVE-2001-1105

REFERENCES

url:	http://www.securityfocus.com/bid/3329	Trust: 1.9
url:	http://www.ciac.org/ciac/bulletins/l-141.shtml	Trust: 1.8
url:	http://www.cisco.com/warp/public/707/ssl-j-pub.html	Trust: 1.8
url:	http://www.rsasecurity.com/products/bsafe/bulletins/bsafe_ssl-j_3.x.securitybulletin.html	Trust: 1.8
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/7112	Trust: 1.2
url:	http://xforce.iss.net/static/7112.php	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html	Trust: 0.3
url:	http://www.rsa.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-3910 // VULMON: CVE-2001-1105 // BID: 3329 // CNNVD: CNNVD-200109-041 // NVD: CVE-2001-1105

CREDITS

Published in a Cisco Systems Security Advisory on September 12, 2001.

Trust: 0.9

sources: BID: 3329 // CNNVD: CNNVD-200109-041

SOURCES

db:	VULHUB	id:	VHN-3910
db:	VULMON	id:	CVE-2001-1105
db:	BID	id:	3329
db:	CNNVD	id:	CNNVD-200109-041
db:	NVD	id:	CVE-2001-1105

LAST UPDATE DATE

2024-08-14T15:20:21.972000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-3910	date:	2017-12-19T00:00:00
db:	VULMON	id:	CVE-2001-1105	date:	2017-12-19T00:00:00
db:	BID	id:	3329	date:	2009-07-11T07:56:00
db:	CNNVD	id:	CNNVD-200109-041	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2001-1105	date:	2021-11-08T15:48:31.707

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-3910	date:	2001-09-12T00:00:00
db:	VULMON	id:	CVE-2001-1105	date:	2001-09-12T00:00:00
db:	BID	id:	3329	date:	2001-09-12T00:00:00
db:	CNNVD	id:	CNNVD-200109-041	date:	2001-09-12T00:00:00
db:	NVD	id:	CVE-2001-1105	date:	2001-09-12T04:00:00