Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2004-0826 | First vendor Publication | 2004-12-31 |
Vendor | Cve | Last vendor Modification | 2017-07-11 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0826 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-09-04 | Name : FreeBSD Ports: nss File : nvt/freebsd_nss.nasl |
2005-11-03 | Name : NSS Library SSLv2 Challenge Overflow File : nvt/sslv2_hello_overflow.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
9116 | Netscape Network Security Services (NSS) Library SSLv2 Challenge Overflow A remote overflow exists in the Network Security Services library. The library fails to validate the length of the "challenge" field during negotiation of the SSLv2 protocol. This library is used by many commercial and open-source products to provide SSL services. Affected applications include the Netscape Enterprise web server, the SunONE web, directory, and mail servers, and a large number of open-source application servers. Successful exploitation of this issue may result in arbitrary code execution with the privileges of the vulnerable service, leading to a lack of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | SSLv2 Client_Hello Challenge Length overflow attempt RuleID : 2656-community - Revision : 22 - Type : SERVER-WEBAPP |
2014-01-10 | SSLv2 Client_Hello Challenge Length overflow attempt RuleID : 2656 - Revision : 22 - Type : SERVER-WEBAPP |
2014-01-10 | SSLv1 Client_Hello Challenge Length overflow attempt RuleID : 15897 - Revision : 4 - Type : WEB-MISC |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-23 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_207f8ff3f69711d881b0000347a4fa7d.nasl - Type : ACT_GATHER_INFO |
2004-08-24 | Name : The remote service is susceptible to a buffer overflow attack. File : sslv2_hello_overflow.nasl - Type : ACT_MIXED_ATTACK |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:02:24 |
|
2021-04-22 01:02:33 |
|
2020-05-23 00:15:53 |
|
2017-07-11 12:01:30 |
|
2016-10-18 12:01:22 |
|
2014-02-17 10:28:01 |
|
2014-01-19 21:22:17 |
|
2013-05-11 11:43:06 |
|