{"api_version":"1","generated_at":"2026-04-23T09:37:02+00:00","cve":"CVE-2004-0590","urls":{"html":"https://cve.report/CVE-2004-0590","api":"https://cve.report/api/cve/CVE-2004-0590.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2004-0590","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2004-0590"},"summary":{"title":"CVE-2004-0590","description":"FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.","state":"PUBLISHED","assigner":"mitre","published_at":"2004-12-06 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.openswan.org/support/vuln/can-2004-0590/","name":"http://www.openswan.org/support/vuln/can-2004-0590/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Openswan: CAN-2004-0590","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070","name":"http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/16515","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/16515","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-200406-20.xml","name":"http://security.gentoo.org/glsa/glsa-200406-20.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Gentoo Linux Documentation\n--\n  FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2004-0590","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2004-0590","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2004","cve_id":"590","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"frees_wan","cpe5":"frees_wan","cpe6":"1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"590","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"frees_wan","cpe5":"frees_wan","cpe6":"2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"590","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"frees_wan","cpe5":"super_frees_wan","cpe6":"1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"590","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openswan","cpe5":"openswan","cpe6":"1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"590","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openswan","cpe5":"openswan","cpe6":"2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"590","vulnerable":"1","versionEndIncluding":"2.1.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"strongswan","cpe5":"strongswan","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T00:24:27.001Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"MDKSA-2004:070","tags":["vendor-advisory","x_refsource_MANDRAKE","x_transferred"],"url":"http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.openswan.org/support/vuln/can-2004-0590/"},{"name":"GLSA-200406-20","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://security.gentoo.org/glsa/glsa-200406-20.xml"},{"name":"ipsec-verifyx509cert-auth-bypass(16515)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/16515"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2004-06-28T00:00:00.000Z","descriptions":[{"lang":"en","value":"FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-10T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"MDKSA-2004:070","tags":["vendor-advisory","x_refsource_MANDRAKE"],"url":"http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.openswan.org/support/vuln/can-2004-0590/"},{"name":"GLSA-200406-20","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://security.gentoo.org/glsa/glsa-200406-20.xml"},{"name":"ipsec-verifyx509cert-auth-bypass(16515)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/16515"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2004-0590","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"MDKSA-2004:070","refsource":"MANDRAKE","url":"http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070"},{"name":"http://www.openswan.org/support/vuln/can-2004-0590/","refsource":"CONFIRM","url":"http://www.openswan.org/support/vuln/can-2004-0590/"},{"name":"GLSA-200406-20","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-200406-20.xml"},{"name":"ipsec-verifyx509cert-auth-bypass(16515)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/16515"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2004-0590","datePublished":"2004-06-30T04:00:00.000Z","dateReserved":"2004-06-23T00:00:00.000Z","dateUpdated":"2024-08-08T00:24:27.001Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2004-12-06 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:frees_wan:frees_wan:1:*:*:*:*:*:*:*","matchCriteriaId":"10B562DF-7470-4C26-9989-0872DA521B44"},{"vulnerable":true,"criteria":"cpe:2.3:a:frees_wan:frees_wan:2:*:*:*:*:*:*:*","matchCriteriaId":"E5B02427-164D-4B6B-ACF1-662691FC6828"},{"vulnerable":true,"criteria":"cpe:2.3:a:frees_wan:super_frees_wan:1:*:*:*:*:*:*:*","matchCriteriaId":"4C94B5FB-8830-4217-BB07-36DAD9902259"},{"vulnerable":true,"criteria":"cpe:2.3:a:openswan:openswan:1:*:*:*:*:*:*:*","matchCriteriaId":"06740766-75C5-4EDA-8BFD-96C5E7AE1A73"},{"vulnerable":true,"criteria":"cpe:2.3:a:openswan:openswan:2:*:*:*:*:*:*:*","matchCriteriaId":"E54638CB-40EE-47D1-A373-1AEF85DE9405"},{"vulnerable":true,"criteria":"cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.2","matchCriteriaId":"D62594D0-8847-4CC4-9AFD-3C216D429C5B"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2004","CveId":"590","Ordinal":"1","Title":"CVE-2004-0590","CVE":"CVE-2004-0590","Year":"2004"},"notes":[{"CveYear":"2004","CveId":"590","Ordinal":"1","NoteData":"FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.","Type":"Description","Title":"CVE-2004-0590"},{"CveYear":"2004","CveId":"590","Ordinal":"2","NoteData":"2004-06-30","Type":"Other","Title":"Published"},{"CveYear":"2004","CveId":"590","Ordinal":"3","NoteData":"2017-07-10","Type":"Other","Title":"Modified"}]}}}