CVE-2004-0112

medium Forcepoint
CVSS v3 Base Score
5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS Score
0.9%
Exploitation probability in 30 days
Top 24% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P
Published: November 23, 2004 (7842 days ago)
Last Modified: April 16, 2026
Vendor: Forcepoint
Source: NVD

Description

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

CWE

CWE-125

Affected Products

cisco firewall services modulehp aaa serverhp apache-based web serversymantec clientless vpn gateway 4400cisco ciscoworks common management foundationcisco ciscoworks common servicesavaya converged communications serveravaya sg200avaya sg203avaya sg208

References

🔗 ftp.netbsd.org 🔗 ftp.sco.com 🔗 distro.conectiva.com.br 🔗 docs.info.apple.com 🔗 lists.apple.com