Vulnerability-Lookup

CVE-2004-2761 (GCVE-0-2004-2761)

Vulnerability from cvelistv5 – Published: 2009-01-06 01:00 – Updated: 2024-08-08 01:36

Summary

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/33065	vdb-entryx_refsource_BID
	https://rhn.redhat.com/errata/RHSA-2010-0837.html	vendor-advisoryx_refsource_REDHAT
	http://www.phreedom.org/research/rogue-ca/	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/836068	third-party-advisoryx_refsource_CERT-VN
	http://securityreason.com/securityalert/4866	third-party-advisoryx_refsource_SREASON
	http://blog.mozilla.com/security/2008/12/30/md5-w…	x_refsource_MISC
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO
	http://www.win.tue.nl/hashclash/SoftIntCodeSign/	x_refsource_MISC
	http://secunia.com/advisories/33826	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/34281	third-party-advisoryx_refsource_SECUNIA
	http://www.microsoft.com/technet/security/advisor…	x_refsource_MISC
	https://support.hpe.com/hpsc/doc/public/display?d…	x_refsource_CONFIRM
	http://blogs.technet.com/swi/archive/2008/12/30/i…	x_refsource_MISC
	http://www.doxpara.com/research/md5/md5_someday.pdf	x_refsource_MISC
	https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02	x_refsource_MISC
	https://rhn.redhat.com/errata/RHSA-2010-0838.html	vendor-advisoryx_refsource_REDHAT
	https://blogs.verisign.com/ssl-blog/2008/12/on_md…	x_refsource_MISC
	http://www.ubuntu.com/usn/usn-740-1	vendor-advisoryx_refsource_UBUNTU
	http://securitytracker.com/id?1024697	vdb-entryx_refsource_SECTRACK
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/499685/100…	mailing-listx_refsource_BUGTRAQ
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	http://secunia.com/advisories/42181	third-party-advisoryx_refsource_SECUNIA
	http://www.win.tue.nl/hashclash/rogue-ca/	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=648886	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:36:25.448Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "33065",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33065"
          },
          {
            "name": "RHSA-2010:0837",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.phreedom.org/research/rogue-ca/"
          },
          {
            "name": "VU#836068",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/836068"
          },
          {
            "name": "4866",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4866"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/"
          },
          {
            "name": "20090115 MD5 Hashes May Allow for Certificate Spoofing",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/"
          },
          {
            "name": "33826",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33826"
          },
          {
            "name": "34281",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34281"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.doxpara.com/research/md5/md5_someday.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
          },
          {
            "name": "RHSA-2010:0838",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
          },
          {
            "name": "USN-740-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-740-1"
          },
          {
            "name": "1024697",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1024697"
          },
          {
            "name": "FEDORA-2009-1276",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
          },
          {
            "name": "20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
          },
          {
            "name": "42181",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42181"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.win.tue.nl/hashclash/rogue-ca/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-08-17T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "33065",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33065"
        },
        {
          "name": "RHSA-2010:0837",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.phreedom.org/research/rogue-ca/"
        },
        {
          "name": "VU#836068",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/836068"
        },
        {
          "name": "4866",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4866"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/"
        },
        {
          "name": "20090115 MD5 Hashes May Allow for Certificate Spoofing",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/"
        },
        {
          "name": "33826",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33826"
        },
        {
          "name": "34281",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34281"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.doxpara.com/research/md5/md5_someday.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
        },
        {
          "name": "RHSA-2010:0838",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
        },
        {
          "name": "USN-740-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-740-1"
        },
        {
          "name": "1024697",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1024697"
        },
        {
          "name": "FEDORA-2009-1276",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
        },
        {
          "name": "20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
        },
        {
          "name": "42181",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42181"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.win.tue.nl/hashclash/rogue-ca/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2761",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "33065",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33065"
            },
            {
              "name": "RHSA-2010:0837",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
            },
            {
              "name": "http://www.phreedom.org/research/rogue-ca/",
              "refsource": "MISC",
              "url": "http://www.phreedom.org/research/rogue-ca/"
            },
            {
              "name": "VU#836068",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/836068"
            },
            {
              "name": "4866",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4866"
            },
            {
              "name": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/",
              "refsource": "MISC",
              "url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/"
            },
            {
              "name": "20090115 MD5 Hashes May Allow for Certificate Spoofing",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html"
            },
            {
              "name": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/",
              "refsource": "MISC",
              "url": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/"
            },
            {
              "name": "33826",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33826"
            },
            {
              "name": "34281",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34281"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/961509.mspx",
              "refsource": "MISC",
              "url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us"
            },
            {
              "name": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx"
            },
            {
              "name": "http://www.doxpara.com/research/md5/md5_someday.pdf",
              "refsource": "MISC",
              "url": "http://www.doxpara.com/research/md5/md5_someday.pdf"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            },
            {
              "name": "RHSA-2010:0838",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
            },
            {
              "name": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php",
              "refsource": "MISC",
              "url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
            },
            {
              "name": "USN-740-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-740-1"
            },
            {
              "name": "1024697",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1024697"
            },
            {
              "name": "FEDORA-2009-1276",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
            },
            {
              "name": "20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
            },
            {
              "name": "42181",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42181"
            },
            {
              "name": "http://www.win.tue.nl/hashclash/rogue-ca/",
              "refsource": "MISC",
              "url": "http://www.win.tue.nl/hashclash/rogue-ca/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=648886",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2761",
    "datePublished": "2009-01-06T01:00:00.000Z",
    "dateReserved": "2009-01-05T05:00:00.000Z",
    "dateUpdated": "2024-08-08T01:36:25.448Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-2Q4P-93P8-Q2J6

Vulnerability from github – Published: 2022-04-29 03:02 – Updated: 2025-04-09 04:02

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2004-2761"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-01-05T20:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.",
  "id": "GHSA-2q4p-93p8-q2j6",
  "modified": "2025-04-09T04:02:36Z",
  "published": "2022-04-29T03:02:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-2761"
    },
    {
      "type": "WEB",
      "url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html"
    },
    {
      "type": "WEB",
      "url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33826"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34281"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42181"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/4866"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1024697"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html"
    },
    {
      "type": "WEB",
      "url": "http://www.doxpara.com/research/md5/md5_someday.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/836068"
    },
    {
      "type": "WEB",
      "url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
    },
    {
      "type": "WEB",
      "url": "http://www.phreedom.org/research/rogue-ca"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/33065"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-740-1"
    },
    {
      "type": "WEB",
      "url": "http://www.win.tue.nl/hashclash/SoftIntCodeSign"
    },
    {
      "type": "WEB",
      "url": "http://www.win.tue.nl/hashclash/rogue-ca"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2024-AVI-0002

Vulnerability from certfr_avis - Published: 2024-01-02 - Updated: 2024-01-02

De multiples vulnérabilités ont été découvertes dans les produits Moxa. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Moxa	N/A	OnCell G3150A-LTE Series versions 1.3 et antérieures sans le dernier correctif de sécurité

References

Title

Publication Time

GSD-2004-2761

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2004-2761

Aliases

CVE-2004-2761

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2004-2761",
    "description": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.",
    "id": "GSD-2004-2761",
    "references": [
      "https://www.suse.com/security/cve/CVE-2004-2761.html",
      "https://access.redhat.com/errata/RHSA-2010:0838",
      "https://access.redhat.com/errata/RHSA-2010:0837"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2004-2761"
      ],
      "details": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.",
      "id": "GSD-2004-2761",
      "modified": "2023-12-13T01:22:55.034845Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2004-2761",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "33065",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/33065"
          },
          {
            "name": "RHSA-2010:0837",
            "refsource": "REDHAT",
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
          },
          {
            "name": "http://www.phreedom.org/research/rogue-ca/",
            "refsource": "MISC",
            "url": "http://www.phreedom.org/research/rogue-ca/"
          },
          {
            "name": "VU#836068",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/836068"
          },
          {
            "name": "4866",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/4866"
          },
          {
            "name": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/",
            "refsource": "MISC",
            "url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/"
          },
          {
            "name": "20090115 MD5 Hashes May Allow for Certificate Spoofing",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html"
          },
          {
            "name": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/",
            "refsource": "MISC",
            "url": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/"
          },
          {
            "name": "33826",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33826"
          },
          {
            "name": "34281",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34281"
          },
          {
            "name": "http://www.microsoft.com/technet/security/advisory/961509.mspx",
            "refsource": "MISC",
            "url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
          },
          {
            "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us",
            "refsource": "CONFIRM",
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us"
          },
          {
            "name": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx",
            "refsource": "MISC",
            "url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx"
          },
          {
            "name": "http://www.doxpara.com/research/md5/md5_someday.pdf",
            "refsource": "MISC",
            "url": "http://www.doxpara.com/research/md5/md5_someday.pdf"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
          },
          {
            "name": "RHSA-2010:0838",
            "refsource": "REDHAT",
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
          },
          {
            "name": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php",
            "refsource": "MISC",
            "url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
          },
          {
            "name": "USN-740-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-740-1"
          },
          {
            "name": "1024697",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1024697"
          },
          {
            "name": "FEDORA-2009-1276",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html"
          },
          {
            "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888",
            "refsource": "CONFIRM",
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
          },
          {
            "name": "20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded"
          },
          {
            "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935",
            "refsource": "CONFIRM",
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
          },
          {
            "name": "42181",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/42181"
          },
          {
            "name": "http://www.win.tue.nl/hashclash/rogue-ca/",
            "refsource": "MISC",
            "url": "http://www.win.tue.nl/hashclash/rogue-ca/"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=648886",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ietf:md5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ietf:x.509_certificate:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2761"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php",
              "refsource": "MISC",
              "tags": [],
              "url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
            },
            {
              "name": "http://www.phreedom.org/research/rogue-ca/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.phreedom.org/research/rogue-ca/"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/961509.mspx",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
            },
            {
              "name": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/"
            },
            {
              "name": "http://www.doxpara.com/research/md5/md5_someday.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.doxpara.com/research/md5/md5_someday.pdf"
            },
            {
              "name": "33065",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/33065"
            },
            {
              "name": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/"
            },
            {
              "name": "http://www.win.tue.nl/hashclash/rogue-ca/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.win.tue.nl/hashclash/rogue-ca/"
            },
            {
              "name": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx"
            },
            {
              "name": "VU#836068",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/836068"
            },
            {
              "name": "4866",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/4866"
            },
            {
              "name": "20090115 MD5 Hashes May Allow for Certificate Spoofing",
              "refsource": "CISCO",
              "tags": [],
              "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html"
            },
            {
              "name": "33826",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/33826"
            },
            {
              "name": "FEDORA-2009-1276",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html"
            },
            {
              "name": "USN-740-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-740-1"
            },
            {
              "name": "34281",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34281"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=648886",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
            },
            {
              "name": "1024697",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1024697"
            },
            {
              "name": "RHSA-2010:0838",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
            },
            {
              "name": "RHSA-2010:0837",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
            },
            {
              "name": "42181",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42181"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
              "refsource": "MISC",
              "tags": [],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us"
            },
            {
              "name": "20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-19T15:30Z",
      "publishedDate": "2009-01-05T20:30Z"
    }
  }
}

FKIE_CVE-2004-2761

Vulnerability from fkie_nvd - Published: 2009-01-05 20:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/
cve@mitre.org	http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx
cve@mitre.org	http://secunia.com/advisories/33826
cve@mitre.org	http://secunia.com/advisories/34281
cve@mitre.org	http://secunia.com/advisories/42181
cve@mitre.org	http://securityreason.com/securityalert/4866
cve@mitre.org	http://securitytracker.com/id?1024697
cve@mitre.org	http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html
cve@mitre.org	http://www.doxpara.com/research/md5/md5_someday.pdf
cve@mitre.org	http://www.kb.cert.org/vuls/id/836068	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.microsoft.com/technet/security/advisory/961509.mspx	Mitigation, Patch, Vendor Advisory
cve@mitre.org	http://www.phreedom.org/research/rogue-ca/
cve@mitre.org	http://www.securityfocus.com/archive/1/499685/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/33065
cve@mitre.org	http://www.ubuntu.com/usn/usn-740-1
cve@mitre.org	http://www.win.tue.nl/hashclash/SoftIntCodeSign/
cve@mitre.org	http://www.win.tue.nl/hashclash/rogue-ca/
cve@mitre.org	https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=648886	Issue Tracking
cve@mitre.org	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
cve@mitre.org	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
cve@mitre.org	https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
cve@mitre.org	https://rhn.redhat.com/errata/RHSA-2010-0837.html
cve@mitre.org	https://rhn.redhat.com/errata/RHSA-2010-0838.html
cve@mitre.org	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03814en_us
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html
af854a3a-2127-422b-91ae-364da2661108	http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33826
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34281
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42181
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/4866
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1024697
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html
af854a3a-2127-422b-91ae-364da2661108	http://www.doxpara.com/research/md5/md5_someday.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/836068	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/961509.mspx	Mitigation, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.phreedom.org/research/rogue-ca/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/499685/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33065
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-740-1
af854a3a-2127-422b-91ae-364da2661108	http://www.win.tue.nl/hashclash/SoftIntCodeSign/
af854a3a-2127-422b-91ae-364da2661108	http://www.win.tue.nl/hashclash/rogue-ca/
af854a3a-2127-422b-91ae-364da2661108	https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=648886	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
af854a3a-2127-422b-91ae-364da2661108	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
af854a3a-2127-422b-91ae-364da2661108	https://rhn.redhat.com/errata/RHSA-2010-0837.html
af854a3a-2127-422b-91ae-364da2661108	https://rhn.redhat.com/errata/RHSA-2010-0838.html
af854a3a-2127-422b-91ae-364da2661108	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03814en_us
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html

Impacted products

	Vendor	Product	Version
	ietf	md5	-
	ietf	x.509_certificate	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ietf:md5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DFFBAC4-D50D-4CC4-A12C-9708D3C1199C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ietf:x.509_certificate:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3009C5D9-9EF8-43B2-BF17-DEBC497994B5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate."
    },
    {
      "lang": "es",
      "value": "El algoritmo MD5 Message-Digest no resistente a colisi\u00f3n, el cual hace m\u00e1s f\u00e1cil para atacantes dependientes de contexto, llevar a cabo ataques de suplantaci\u00f3n, como lo demuestran los ataques de utilizaci\u00f3n de MD5 en la firma del algoritmo de un certificado X.509."
    }
  ],
  "evaluatorImpact": "There are four significant mitigating factors.\n\n1) Most enterprise-class certificates, such as VeriSign\u2019s Extended Validation SSL Certificates use the still secure SHA-1 hash function. \n\n2) Certificates already issued with MD5 signatures are not at risk.  The exploit only affects new certificate acquisitions. \n\n3) CAs are quickly moving to replace MD5 with SHA-1.  For example, VeriSign was planning to phase out MD5 by the end of January 2009.  The date was pushed up due to the December proof of concept.  On December 31, 2008, RapidSSL certificates shipped with SHA-1 digital signatures. \n\n4)The researchers did not release the under-the-hood specifics of how the exploit was executed. \n\nSource - http://www.techrepublic.com/blog/it-security/the-new-md5-ssl-exploit-is-not-the-end-of-civilization-as-we-know-it/?tag=nl.e036",
  "id": "CVE-2004-2761",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-01-05T20:30:02.140",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33826"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34281"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/42181"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4866"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1024697"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.doxpara.com/research/md5/md5_someday.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/836068"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.phreedom.org/research/rogue-ca/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33065"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-740-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.win.tue.nl/hashclash/rogue-ca/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1024697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.doxpara.com/research/md5/md5_someday.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/836068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/961509.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.phreedom.org/research/rogue-ca/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-740-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.win.tue.nl/hashclash/rogue-ca/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03814en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Please see http://kbase.redhat.com/faq/docs/DOC-15379",
      "lastModified": "2009-01-07T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2004-2761 (GCVE-0-2004-2761)

GHSA-2Q4P-93P8-Q2J6

CERTFR-2024-AVI-0002

Solution

GSD-2004-2761

FKIE_CVE-2004-2761

Tags

Sightings

Nomenclature