PT-2006-7522 · Openssl+2

Published: 2006-09-05 · Updated: 2011-03-08 · CVE-2007-5810

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Hitachi Web Server versions 01-00 through 03-00-01; OpenSSL versions 0.9.7j and prior; OpenSSL versions 0.9.8b and prior.
Description: The issue stems from improper validation of SSL client certificates, which could allow remote attackers to spoof authentication by presenting a client certificate with a forged signature. The flaw affects verification of PKCS #1 v1.5 signatures, in particular when the public exponent is 3, a setting commonly used by Certificate Authorities. An attacker could forge a signature without possessing the private key and thereby gain access to certificate-protected resources. The vulnerability is significant because PKCS #1 v1.5 signatures are widely used in X.509 certificates, so any application relying on OpenSSL to verify such certificates is potentially affected.
Recommendations: For Hitachi Web Server versions 01-00 through 03-00-01, update the SSL client certificate validation mechanism so that it properly verifies the authenticity of client certificates. For OpenSSL versions 0.9.7j and prior, update to a version later than 0.9.7j to correct the handling of PKCS #1 v1.5 signatures. For OpenSSL versions 0.9.8b and prior, update to a version later than 0.9.8b to mitigate the risk of forged X.509 certificates being accepted.
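The description above says forged signatures were accepted; the underlying cause in this class of bug is a lenient PKCS #1 v1.5 parser that checks the leading padding and the DigestInfo prefix of the decoded block but ignores whatever follows the hash. The added example below (not code from the advisory, from Hitachi or from OpenSSL) contrasts that lenient check with a strict verifier that reconstructs the full expected encoding and demands an exact match, which is the fix a verifier needs. It assumes the standard SHA-1 DigestInfo prefix from RFC 8017 and a constructed, deliberately malformed encoded message as the test input; no signature forgery is performed, the comparison is made on the already-decoded block.

```python
import hashlib
import hmac

# DER prefix of a SHA-1 DigestInfo (RFC 8017, section 9.2, note 1).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def digest_info(message: bytes) -> bytes:
    """DigestInfo T = DER prefix || SHA-1(message)."""
    return SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()


def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """Exact EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || T, filling em_len bytes."""
    t = digest_info(message)
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)   # at least 8 bytes of 0xFF by construction
    return b"\x00\x01" + ps + b"\x00" + t


def verify_lenient(em: bytes, message: bytes) -> bool:
    """Lenient parser of the kind described in the advisory: walks past the
    0xFF padding, finds the 0x00 separator and checks only that T appears
    right after it. Bytes beyond T are never examined."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = digest_info(message)
    return em[i + 1:i + 1 + len(t)] == t


def verify_strict(em: bytes, message: bytes) -> bool:
    """Strict check: the decoded block must equal the full expected encoding,
    so short padding or trailing bytes after T are rejected."""
    try:
        expected = emsa_pkcs1_v15_encode(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def rsa_decode_block(signature: int, e: int, n: int) -> bytes:
    """Recover the encoded block from a signature: EM = s^e mod n, as k bytes.
    Hypothetical helper showing where the strict check plugs into RSA verification."""
    k = (n.bit_length() + 7) // 8
    return pow(signature, e, n).to_bytes(k, "big")


def constructed_trailing_garbage_em(message: bytes, em_len: int) -> bytes:
    """Constructed test vector: minimal 8-byte padding, T, then filler bytes.
    A lenient parser accepts it; a strict parser must not."""
    t = digest_info(message)
    body = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    return body + b"\x00" * (em_len - len(body))


if __name__ == "__main__":
    msg = b"client certificate TBSCertificate (constructed sample)"
    good = emsa_pkcs1_v15_encode(msg, 128)
    bad = constructed_trailing_garbage_em(msg, 128)
    print("good block: lenient", verify_lenient(good, msg), "strict", verify_strict(good, msg))
    print("bad block:  lenient", verify_lenient(bad, msg), "strict", verify_strict(bad, msg))
```

The defensive point is that a verifier should never search for the hash inside the decoded block; it should compute the one encoding that is valid for this key size and compare the whole block against it, which is what `verify_strict` does.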

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2007-5810

Affected Products

Cisco Wls
Hitachi Web Server
Openssl