2.6

CVE-2009-0591

The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version0.9.8h
OpenSSLOpenSSL Version0.9.8i
OpenSSLOpenSSL Version0.9.8j
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.74% 0.842
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://secunia.com/advisories/36701
http://support.apple.com/kb/HT3865
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://secunia.com/advisories/35065
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
https://kb.bluecoat.com/index?page=content&id=SA50
http://marc.info/?l=bugtraq&m=127678688104458&w=2
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc
http://marc.info/?l=bugtraq&m=124464882609472&w=2
http://secunia.com/advisories/34411
Vendor Advisory
http://secunia.com/advisories/34460
Vendor Advisory
http://secunia.com/advisories/34666
http://secunia.com/advisories/35380
http://secunia.com/advisories/35729
http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847
http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html
Vendor Advisory
http://www.openssl.org/news/secadv_20090325.txt
Vendor Advisory
http://www.php.net/archive/2009.php#id2009-04-08-1
http://www.securityfocus.com/bid/34256
http://www.vupen.com/english/advisories/2009/0850
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1020
http://www.vupen.com/english/advisories/2009/1175
http://www.vupen.com/english/advisories/2009/1548
http://securitytracker.com/id?1021907
http://www.osvdb.org/52865
https://exchange.xforce.ibmcloud.com/vulnerabilities/49432