SSL: SSL Certificate Signed With MD5 Hash (2)
This signature detects SSL certificates that have been signed using the MD5 hash algorithm. Known weaknesses in the MD5 algorithm allow for certificates signed with it to be spoofed by attackers. The certificate detected by this signature could potentially be illegitimate. All certificates in the signing chain are checked.
Extended Description
EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Affected Products
Dell emc_vasa_provider_virtual_appliance
Short Name
SSL:MD5-SIGNATURE-2
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
SSL
Keywords
(2) CVE-2003-0543 CVE-2004-0748 CVE-2008-5448 CVE-2016-8027 CVE-2017-10949 CVE-2017-11394 CVE-2017-4997 Certificate Hash MD5 SSL Signed With bid:33065 bid:99169
Release Date
06/18/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Dell
CVSS Score
7.5
10.0
5.0