Title : BlueCoat Security Update Fixes OpenSSL Security Bypass Vulnerability VUPEN ID : VUPEN/ADV-2005-2297 CVE ID : CVE-2005-2969
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-11-04
Technical Description
Blue Coat has released security updates to correct a vulnerability identified in OpenSSL. This issue is due to an error in the "SSL_OP_MSIE_SSLV2_RSA_PADDING" option (part of SSL_OP_ALL) that does not properly reject SSL 2.0 sessions when a client supports SSL 3.0 or TLS 1.0, which could be exploited to conduct MITM (Man in the Middle) attacks and force a client and a server to negotiate the SSL 2.0 protocol instead of SSL 3.0 or TLS 1.0. For additional information, see : VUPEN/ADV-2005-2036
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
