Out-of-bounds Read in 4d Webstar
CVE-2004-0112
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (cr…
Vulnerability class: Buffer Overflow
EPSS: 0.104 (95.1th percentile) — read the EPSS interpretation.
Affected products
- 4d Webstar — versions 4.0, 5.2, 5.2.1
- Apple Mac_os_x — versions 10.3.3
- Apple Mac_os_x_server — versions 10.3.3
- Avaya Converged_communications_server — versions 2.0
- Avaya Intuity_audix — versions 5.1.46, s3210, s3400
- Avaya S8300 — versions r2.0.0, r2.0.1
- Avaya S8500 — versions r2.0.0, r2.0.1
- Avaya S8700 — versions r2.0.0, r2.0.1
- Avaya Sg200 — versions 4.4, 4.31.29
- Avaya Sg203 — versions 4.4, 4.31.29
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, Broken Link, x_refsource_BID, Vendor Advisory)
- cve@mitre.org (x_refsource_HP, vendor-advisory, Mailing List, Third Party Advisory)
- cve@mitre.org (x_refsource_REDHAT, vendor-advisory, Broken Link)
- cve@mitre.org (vendor-advisory, Third Party Advisory, x_refsource_MANDRAKE)
- cve@mitre.org (vendor-advisory, x_refsource_CONECTIVA, Broken Link)
- cve@mitre.org (x_refsource_MISC, Broken Link)
- cve@mitre.org (vendor-advisory, x_refsource_SUNALERT, Broken Link)
- cve@mitre.org (vendor-advisory, Broken Link, x_refsource_SUSE)
- cve@mitre.org (x_refsource_CONFIRM, Broken Link)
- cve@mitre.org (x_refsource_CONFIRM, Broken Link)
Frequently asked questions
- What is CVE-2004-0112?
- CVE-2004-0112 is a vulnerability in 4d Webstar, classified under Out-of-bounds Read. Published 2004-11-23.
- Is CVE-2004-0112 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.