Lucene search

[email protected]CVE-2009-0591

HistoryMar 27, 2009 - 4:30 p.m.

CVE-2009-0591

2009-03-2716:30:01

CWE-287

[email protected]

web.nvd.nist.gov

cve-2009-0591

openssl

cms

remote attackers

security vulnerability

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.5%

JSON

The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.

Affected configurations

NVD

Node

opensslopensslMatch0.9.8h

opensslopensslMatch0.9.8i

opensslopensslMatch0.9.8j

CPENameOperatorVersion
openssl:opensslopenssleq0.9.8h
openssl:opensslopenssleq0.9.8i
openssl:opensslopenssleq0.9.8j

CPE	Name	Operator	Version
openssl:openssl	openssl	eq	0.9.8h
openssl:openssl	openssl	eq	0.9.8i
openssl:openssl	openssl	eq	0.9.8j

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc

lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

marc.info/?l=bugtraq&m=124464882609472&w=2

marc.info/?l=bugtraq&m=127678688104458&w=2

secunia.com/advisories/34411

secunia.com/advisories/34460

secunia.com/advisories/34666

secunia.com/advisories/35065

secunia.com/advisories/35380

secunia.com/advisories/35729

secunia.com/advisories/36701

secunia.com/advisories/42724

secunia.com/advisories/42733

securitytracker.com/id?1021907

sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847

support.apple.com/kb/HT3865

voodoo-circle.sourceforge.net/sa/sa-20090326-01.html

www.openssl.org/news/secadv_20090325.txt

www.osvdb.org/52865

www.php.net/archive/2009.php#id2009-04-08-1

www.securityfocus.com/bid/34256

www.vupen.com/english/advisories/2009/0850

www.vupen.com/english/advisories/2009/1020

www.vupen.com/english/advisories/2009/1175

www.vupen.com/english/advisories/2009/1548

exchange.xforce.ibmcloud.com/vulnerabilities/49432

kb.bluecoat.com/index?page=content&id=SA50

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.5%

JSON

Related for CVE-2009-0591

f52 openvas13 ubuntucve1 prion1 openssl1 cvelist1 nvd1 nessus6 debiancve1 threatpost1 altlinux4 slackware1