6.8

CVE-2009-0642

Exploit

EPSS 1.46%
Published 20.02.2009 06:47:48
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.

Affected products Warnungen 0 Metrics 2 CWE 1 References 15

Data is provided by the National Vulnerability Database (NVD)

Ruby-lang ≫ Ruby Version1.8

Ruby-lang ≫ Ruby Version1.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.46%	0.79

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/35699

http://www.redhat.com/support/errata/RHSA-2009-1140.html

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528

http://redmine.ruby-lang.org/issues/show/1091

Exploit

http://secunia.com/advisories/33750

http://secunia.com/advisories/35937

http://www.mandriva.com/security/advisories?name=MDVSA-2009:193

http://www.securityfocus.com/bid/33769

http://www.securitytracker.com/id?1022505

http://www.ubuntu.com/usn/USN-805-1

https://exchange.xforce.ibmcloud.com/vulnerabilities/48761

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11450

https://nvd.nist.gov/vuln/detail/CVE-2009-0642

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0642

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0642

EUVD