CVE-2004-2761
Severity CVSS v4.0:
Pending analysis
Type:
CWE-310
Cryptographic Issues
Publication date:
05/01/2009
Last modified:
09/04/2025
Description
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ietf:md5:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ietf:x.509_certificate:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/
- http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx
- http://secunia.com/advisories/33826
- http://secunia.com/advisories/34281
- http://secunia.com/advisories/42181
- http://securityreason.com/securityalert/4866
- http://securitytracker.com/id?1024697=
- http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html
- http://www.doxpara.com/research/md5/md5_someday.pdf
- http://www.kb.cert.org/vuls/id/836068
- http://www.microsoft.com/technet/security/advisory/961509.mspx
- http://www.phreedom.org/research/rogue-ca/
- http://www.securityfocus.com/archive/1/499685/100/0/threaded
- http://www.securityfocus.com/bid/33065
- http://www.ubuntu.com/usn/usn-740-1
- http://www.win.tue.nl/hashclash/SoftIntCodeSign/
- http://www.win.tue.nl/hashclash/rogue-ca/
- https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php
- https://bugzilla.redhat.com/show_bug.cgi?id=648886
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
- https://rhn.redhat.com/errata/RHSA-2010-0837.html
- https://rhn.redhat.com/errata/RHSA-2010-0838.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03814en_us
- https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html
- http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/
- http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx
- http://secunia.com/advisories/33826
- http://secunia.com/advisories/34281
- http://secunia.com/advisories/42181
- http://securityreason.com/securityalert/4866
- http://securitytracker.com/id?1024697=
- http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html
- http://www.doxpara.com/research/md5/md5_someday.pdf
- http://www.kb.cert.org/vuls/id/836068
- http://www.microsoft.com/technet/security/advisory/961509.mspx
- http://www.phreedom.org/research/rogue-ca/
- http://www.securityfocus.com/archive/1/499685/100/0/threaded
- http://www.securityfocus.com/bid/33065
- http://www.ubuntu.com/usn/usn-740-1
- http://www.win.tue.nl/hashclash/SoftIntCodeSign/
- http://www.win.tue.nl/hashclash/rogue-ca/
- https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php
- https://bugzilla.redhat.com/show_bug.cgi?id=648886
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
- https://rhn.redhat.com/errata/RHSA-2010-0837.html
- https://rhn.redhat.com/errata/RHSA-2010-0838.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03814en_us
- https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html