CVE-2004-2761
Summary
| CVE | CVE-2004-2761 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2009-01-05 20:30:00 UTC |
|---|
| Updated | 2018-10-19 15:30:00 UTC |
|---|
| Description | The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Document Display | HPE Support Center |
CONFIRM |
support.hpe.com |
|
| USN-740-1: NSS vulnerability | Ubuntu |
UBUNTU |
www.ubuntu.com |
|
| Security Vulnerability Research & Defense : Information regarding MD5 collisions problem |
MISC |
blogs.technet.com |
|
| Document Display | HPE Support Center |
CONFIRM |
h20566.www2.hpe.com |
|
| Bug 648886 – CVE-2004-2761 MD5: MD5 Message-Digest Algorithm is not collision resistant |
CONFIRM |
bugzilla.redhat.com |
Issue Tracking |
| Red Hat Customer Portal |
REDHAT |
rhn.redhat.com |
|
| [SECURITY] Fedora 9 Update: nss-3.12.2.0-2.fc9 |
FEDORA |
www.redhat.com |
|
| Philips Intellispace Portal ISP Vulnerabilities | ICS-CERT |
MISC |
ics-cert.us-cert.gov |
|
| Your request has been blocked. This could be
due to several reasons. |
MISC |
www.microsoft.com |
Mitigation, Patch, Vendor Advisory |
| Creating a rogue CA certificate |
MISC |
www.phreedom.org |
|
| MD5 Considered Harmful Today: Creating a rogue CA certificate - SecurityReason.com |
SREASON |
securityreason.com |
|
| MD5 Weaknesses Could Lead to Certificate Forgery at Mozilla Security Blog |
MISC |
blog.mozilla.com |
|
| SecurityFocus |
BUGTRAQ |
www.securityfocus.com |
|
| SecurityTracker.com Archives - Red Hat Certificate System Bugs Let Remote Users Obtain One-Time PINs and Generate Certificates |
SECTRACK |
securitytracker.com |
|
| Page not found | Dan Kaminsky's Blog |
MISC |
www.doxpara.com |
|
| www.win.tue.nl/hashclash/SoftIntCodeSign |
MISC |
www.win.tue.nl |
|
| Red Hat Certificate Server MD5 and SCEP Vulnerabilities - Advisories - Community |
SECUNIA |
secunia.com |
|
| Document Display | HPE Support Center |
CONFIRM |
h20566.www2.hpe.com |
|
| IETF RFC 3279 X.509 Certificate MD5 Signature Collision Vulnerability |
BID |
www.securityfocus.com |
|
| About Secunia Research | Flexera |
SECUNIA |
secunia.com |
|
| Fedora update for nss - Secunia Advisories - Vulnerability Intelligence - Secunia.com |
SECUNIA |
secunia.com |
|
| Tim Callan's SSL Blog - Online Security |
MISC |
blogs.verisign.com |
|
| www.win.tue.nl/hashclash/rogue-ca |
MISC |
www.win.tue.nl |
|
| US-CERT Vulnerability Note VU#836068 |
CERT-VN |
www.kb.cert.org |
Third Party Advisory, US Government Resource |
| Cisco Security Response: MD5 Hashes May Allow for Certificate Spoofing [Products & Services] - Cisco Systems |
CISCO |
www.cisco.com |
|
| Red Hat Customer Portal |
REDHAT |
rhn.redhat.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|
| Red Hat | 2009-01-07 | Mark J Cox | Please see http://kbase.redhat.com/faq/docs/DOC-15379 |
There are currently no legacy QID mappings associated with this CVE.
