Lucene search
HistoryFeb 20, 2009 - 7:30 p.m.
CVE-2009-0653
cve-2009-0653
openssl
certificate spoofing
man-in-the-middle attack
security vulnerability
6.3 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
69.0%
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
| CPE | Name | Operator | Version |
|---|---|---|---|
| openssl:openssl | openssl | eq | 0.9.6 |
Related
cvelist
cvelist
CVE-2009-0653
2022-10-03 16:24:10
CVE-2002-0970
2004-09-01 04:00:00
debiancve
debiancve
CVE-2009-0653
2009-02-20 19:30:00
nessus
nessus
OpenSSL 0.9.6 CA Basic Constraints Validation Vulnerability
2012-01-04 00:00:00
Debian DSA-155-1 : kdelibs - privacy escalation with Konqueror
2004-09-29 00:00:00
Mandrake Linux Security Advisory : kdelibs (MDKSA-2002:058)
2004-07-31 00:00:00
ubuntucve
ubuntucve
CVE-2009-0653
2009-02-20 00:00:00
prion
prion
Sql injection
2009-02-20 19:30:00
redhatcve
redhatcve
CVE-2009-0653
2015-10-30 10:27:20
openvas
openvas
OpenSSL CA Certificate Security Bypass Vulnerability
2009-03-02 00:00:00
OpenSSL CA Certificate Security Bypass Vulnerability
2009-03-02 00:00:00
Debian Security Advisory DSA 155-1 (kdelibs)
2008-01-17 00:00:00
cve
cve
CVE-2002-0970
2002-09-24 04:00:00
osv
osv
kdelibs - privacy escalation with Konqueror
2002-08-17 00:00:00
redhat
redhat
(RHSA-2003:003) kdelibs security update
2003-02-17 00:00:00
6.3 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
69.0%
Related for CVE-2009-0653