Lucene search
HistoryJan 07, 2009 - 6:30 p.m.
CVE-2009-0047
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
81.1%
Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
Affected configurations
Node
galegaleRangeβ€0.99
ORgalegaleMatch0.15
ORgalegaleMatch0.15b
ORgalegaleMatch0.15c
ORgalegaleMatch0.16
ORgalegaleMatch0.16a
ORgalegaleMatch0.17
ORgalegaleMatch0.17a
ORgalegaleMatch0.18
ORgalegaleMatch0.18b
ORgalegaleMatch0.18c
ORgalegaleMatch0.19
ORgalegaleMatch0.19a
ORgalegaleMatch0.19b
ORgalegaleMatch0.20a
ORgalegaleMatch0.21
ORgalegaleMatch0.90a
ORgalegaleMatch0.90b
ORgalegaleMatch0.90c
ORgalegaleMatch0.91
ORgalegaleMatch0.91a
ORgalegaleMatch0.91b
Related
cve
cve
prion
prion
Input validation
2009-01-07 18:30:00
Input validation
2009-01-07 17:30:00
Input validation
2009-01-07 18:30:00
cvelist
cvelist
openvas
openvas
Gale EVP_VerifyFinal() Security Bypass Vulnerability
2009-01-19 00:00:00
Gale EVP_VerifyFinal() Security Bypass Vulnerability
2009-01-19 00:00:00
SLES9: Security update for openssl
2009-10-10 00:00:00
nessus
nessus
openSUSE Security Update : libopenssl-devel (libopenssl-devel-461)
2009-07-21 00:00:00
GLSA-200902-02 : OpenSSL: Certificate validation error
2009-02-13 00:00:00
Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : openssl (SSA:2009-014-01)
2009-01-15 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: tqsllib-2.0-5.fc9
2009-01-15 03:07:29
[SECURITY] Fedora 10 Update: tqsllib-2.0-5.fc10
2009-01-15 02:55:49
[SECURITY] Fedora 10 Update: openssl-0.9.8g-12.fc10
2009-01-08 04:19:50
debiancve
debiancve
seebug
seebug
OpenSSL 'EVP_VerifyFinal'ε½ζ°ηΎειͺθ―ζΌζ΄
2009-01-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.8j-alt1
2009-01-08 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8j-alt1
2009-01-08 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 0.9.8j-alt1
2009-01-08 00:00:00
centos
centos
openssl, openssl096b, openssl097a security update
2009-01-07 22:28:50
openssl, openssl095a, openssl096 security update
2009-02-02 23:30:18
ubuntu
ubuntu
OpenSSL vulnerability
2009-01-07 00:00:00
debian
debian
[SECURITY] [DSA 1701-1] New OpenSSL packages fix cryptographic weakness
2009-01-12 20:03:29
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:30:43
nvd
nvd
redhat
redhat
(RHSA-2009:0004) Important: openssl security update
2009-01-07 00:00:00
securityvulns
securityvulns
oraclelinux
oraclelinux
openssl security update
2009-01-07 00:00:00
suse
suse
SSL certificate checking bypass in openssl
2009-01-23 16:31:52
gentoo
gentoo
OpenSSL: Certificate validation error
2009-02-12 00:00:00
ntp: Certificate validation error
2009-04-05 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2008-5077
2009-01-07 00:00:00
ubuntucve
ubuntucve
osv
osv
openssl openssl097 - cryptographic weakness
2009-01-12 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-09:02.openssl
2009-01-07 00:00:00
f5
f5
SOL9889 - NTP vulnerability CVE-2009-0021
2009-04-05 00:00:00
K9889 : NTP vulnerability CVE-2009-0021
2013-03-25 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
81.1%
Related for NVD:CVE-2009-0047