CVE-2004-0079

high Check Point
CVSS v3 Base Score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
2.3%
Exploitation probability in 30 days
Top 15% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: November 23, 2004 (7842 days ago)
Last Modified: April 16, 2026
Vendor: Check Point
Source: NVD

Description

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

CWE

CWE-476

Affected Products

cisco firewall services modulehp aaa serverhp apache-based web serversymantec clientless vpn gateway 4400cisco ciscoworks common management foundationcisco ciscoworks common servicesavaya converged communications serveravaya sg200avaya sg203avaya sg208

References

🔗 ftp.freebsd.org 🔗 ftp.netbsd.org 🔗 ftp.sco.com 🔗 distro.conectiva.com.br 🔗 docs.info.apple.com