CVE-2002-0659 : The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, all

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

Published 2002-08-12 04:00:00

Updated 2008-09-10 19:12:40

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2002-0659

Apple » Mac Os X » Version: 10.0
cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.0.1
cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.0.2
cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.0.3
cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.0.4
cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.1
cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.1.3
cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.1.5
cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.1.1
cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.1.2
cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.1.4
cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*
Matching versions
Oracle » Http Server » Version: 9.0.1
cpe:2.3:a:oracle:http_server:9.0.1:*:*:*:*:*:*:*
Matching versions
Oracle » Http Server » Version: 9.2.0
cpe:2.3:a:oracle:http_server:9.2.0:*:*:*:*:*:*:*
Matching versions
Oracle » Application Server
cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*
Matching versions
Oracle » Application Server » Version: 1.0.2
cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*
Matching versions
Oracle » Application Server » Version: 1.0.2.2
cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
Matching versions
Oracle » Application Server » Version: 1.0.2.1s
cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*
Matching versions
Oracle » Corporate Time Outlook Connector » Version: 3.1.1
cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.1:*:*:*:*:*:*:*
Matching versions
Oracle » Corporate Time Outlook Connector » Version: 3.1.2
cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1.2:*:*:*:*:*:*:*
Matching versions
Oracle » Corporate Time Outlook Connector » Version: 3.3
cpe:2.3:a:oracle:corporate_time_outlook_connector:3.3:*:*:*:*:*:*:*
Matching versions
Oracle » Corporate Time Outlook Connector » Version: 3.1
cpe:2.3:a:oracle:corporate_time_outlook_connector:3.1:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.4
cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.1c
cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.2b
cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.3
cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.5
cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6a
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.5a
cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6c
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6d
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7 Update Beta1
cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.7 Update Beta2
cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
Matching versions
Openssl » Openssl » Version: 0.9.6b
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2002-0659

EPSS FAQ

12.69%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2002-0659

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2002-0659

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt

CVEs referencing this url
http://www.iss.net/security_center/static/9718.php
http://www.securityfocus.com/bid/5366
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516

CONECTIVA | Análises dos Melhores Produtos Online (#10 Melhores)
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt

CVEs referencing this url
http://www.cert.org/advisories/CA-2002-23.html

2002 CERT Advisories
US Government Resource

CVEs referencing this url
http://www.kb.cert.org/vuls/id/748355

VU#748355 - ASN.1 parsing errors exist in implementations of SSL, TLS, S/MIME, PKCS#7 routines
US Government Resource
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2002-161.html

RHSA-2002:161 - Security Advisory - Red Hat Customer Portal
http://rhn.redhat.com/errata/RHSA-2002-160.html
http://rhn.redhat.com/errata/RHSA-2002-164.html

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2002-0659

Products affected by CVE-2002-0659

Exploit prediction scoring system (EPSS) score for CVE-2002-0659

CVSS scores for CVE-2002-0659

References for CVE-2002-0659