Vulnerability Description
RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Icdn | 2.0 |
| Dell | Bsafe Ssl-J | 3.0 |
References
- http://www.ciac.org/ciac/bulletins/l-141.shtmlPatchVendor Advisory
- http://www.cisco.com/warp/public/707/SSL-J-pub.html
- http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBull
- http://www.securityfocus.com/bid/3329PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7112
- http://www.ciac.org/ciac/bulletins/l-141.shtmlPatchVendor Advisory
- http://www.cisco.com/warp/public/707/SSL-J-pub.html
- http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBull
- http://www.securityfocus.com/bid/3329PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7112
FAQ
What is CVE-2001-1105?
CVE-2001-1105 is a vulnerability with a CVSS score of 7.5 (HIGH). RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to ...
How severe is CVE-2001-1105?
CVE-2001-1105 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1105?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Icdn, Dell Bsafe Ssl-J.