Lucene search
HistoryFeb 20, 2009 - 7:30 p.m.
CVE-2009-0653
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0.011
Percentile
85.0%
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
Affected configurations
Node
opensslopensslMatch0.9.6
Related
debiancve
debiancve
CVE-2009-0653
2009-02-20 19:30:00
cvelist
cvelist
CVE-2009-0653
2009-02-20 19:00:00
CVE-2002-0970
2004-09-01 04:00:00
cve
cve
CVE-2009-0653
2009-02-20 19:30:00
CVE-2002-0970
2004-09-01 04:00:00
prion
prion
Sql injection
2009-02-20 19:30:00
redhatcve
redhatcve
CVE-2009-0653
2015-10-30 10:27:20
nessus
nessus
OpenSSL 0.9.6 CA Basic Constraints Validation Vulnerability
2012-01-04 00:00:00
Debian DSA-155-1 : kdelibs - privacy escalation with Konqueror
2004-09-29 00:00:00
Mandrake Linux Security Advisory : kdelibs (MDKSA-2002:058)
2004-07-31 00:00:00
ubuntucve
ubuntucve
CVE-2009-0653
2009-02-20 00:00:00
openvas
openvas
Debian Security Advisory DSA 155-1 (kdelibs)
2008-01-17 00:00:00
Debian Security Advisory DSA 155-1 (kdelibs)
2008-01-17 00:00:00
OpenSSL CA Certificate Security Bypass Vulnerability
2009-03-02 00:00:00
nvd
nvd
CVE-2002-0970
2002-09-24 04:00:00
osv
osv
kdelibs - privacy escalation with Konqueror
2002-08-17 00:00:00
redhat
redhat
(RHSA-2003:003) kdelibs security update
2003-02-17 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0.011
Percentile
85.0%
Related for NVD:CVE-2009-0653