Vulnerabilities > Openssl > Openssl > 0.9.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-09-28 | CVE-2006-2937 | Resource Management Errors vulnerability in Openssl OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. | 7.8 |
2006-09-05 | CVE-2006-4339 | Cryptographic Issues vulnerability in Openssl OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. | 4.3 |
2005-10-18 | CVE-2005-2969 | Unspecified vulnerability in Openssl The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack. | 5.0 |