PT-2009-2754 · Openssl+1 · Openssl+1

Publicado

2009-01-07

Atualizado

2018-10-11

CVE-2009-0048

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenEvidence versions 1.0.6 and earlier

Description The issue arises from improper checking of the return value from the OpenSSL EVP VerifyFinal function. This allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

Recommendations For OpenEvidence versions 1.0.6 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2009-0048

Produtos afetados

Openevidence

Openssl

PT-2009-2754 · Openssl+1 · Openssl+1

CVE-2009-0048

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4