Unrated severityNVD Advisory· Published Oct 18, 2005· Updated Jun 16, 2026
CVE-2005-2969
CVE-2005-2969
Description
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
- (no CPE)range: >=0.9.7, <0.9.7h and >=0.9.8, <0.9.8a
Patches
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
74- www.openssl.org/news/secadv_20051011.txtnvdPatchVendor Advisory
- www.redhat.com/support/errata/RHSA-2005-800.htmlnvdVendor Advisory
- ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdfnvd
- docs.info.apple.com/article.htmlnvd
- itrc.hp.com/service/cki/docDisplay.donvd
- itrc.hp.com/service/cki/docDisplay.donvd
- lists.trustix.org/pipermail/tsl-announce/2005-October/000354.htmlnvd
- secunia.com/advisories/17146nvd
- secunia.com/advisories/17151nvd
- secunia.com/advisories/17153nvd
- secunia.com/advisories/17169nvd
- secunia.com/advisories/17178nvd
- secunia.com/advisories/17180nvd
- secunia.com/advisories/17189nvd
- secunia.com/advisories/17191nvd
- secunia.com/advisories/17210nvd
- secunia.com/advisories/17259nvd
- secunia.com/advisories/17288nvd
- secunia.com/advisories/17335nvd
- secunia.com/advisories/17344nvd
- secunia.com/advisories/17389nvd
- secunia.com/advisories/17409nvd
- secunia.com/advisories/17432nvd
- secunia.com/advisories/17466nvd
- secunia.com/advisories/17589nvd
- secunia.com/advisories/17617nvd
- secunia.com/advisories/17632nvd
- secunia.com/advisories/17813nvd
- secunia.com/advisories/17888nvd
- secunia.com/advisories/18045nvd
- secunia.com/advisories/18123nvd
- secunia.com/advisories/18165nvd
- secunia.com/advisories/18663nvd
- secunia.com/advisories/19185nvd
- secunia.com/advisories/21827nvd
- secunia.com/advisories/23280nvd
- secunia.com/advisories/23340nvd
- secunia.com/advisories/23843nvd
- secunia.com/advisories/23915nvd
- secunia.com/advisories/25973nvd
- secunia.com/advisories/26893nvd
- secunia.com/advisories/31492nvd
- securitytracker.com/idnvd
- sunsolve.sun.com/search/document.donvd
- support.avaya.com/elmodocs2/security/ASA-2006-031.htmnvd
- support.avaya.com/elmodocs2/security/ASA-2006-260.htmnvd
- www-1.ibm.com/support/docview.wssnvd
- www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtmlnvd
- www.debian.org/security/2005/dsa-875nvd
- www.debian.org/security/2005/dsa-881nvd
- www.debian.org/security/2005/dsa-882nvd
- www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.htmlnvd
- www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.htmlnvd
- www.juniper.net/support/security/alerts/PSN-2005-12-025.txtnvd
- www.mandriva.com/security/advisoriesnvd
- www.novell.com/linux/security/advisories/2005_61_openssl.htmlnvd
- www.redhat.com/support/errata/RHSA-2005-762.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0629.htmlnvd
- www.securityfocus.com/bid/15071nvd
- www.securityfocus.com/bid/15647nvd
- www.securityfocus.com/bid/24799nvd
- www.vupen.com/english/advisories/2005/2036nvd
- www.vupen.com/english/advisories/2005/2659nvd
- www.vupen.com/english/advisories/2005/2710nvd
- www.vupen.com/english/advisories/2005/2908nvd
- www.vupen.com/english/advisories/2005/3002nvd
- www.vupen.com/english/advisories/2005/3056nvd
- www.vupen.com/english/advisories/2006/3531nvd
- www.vupen.com/english/advisories/2007/0326nvd
- www.vupen.com/english/advisories/2007/0343nvd
- www.vupen.com/english/advisories/2007/2457nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/35287nvd
- issues.rpath.com/browse/RPL-1633nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454nvd
News mentions
0No linked articles in our index yet.