Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1 matches found

seebug.org
seebug.orgadded 2009/01/08 12:0 a.m.340 views

OpenSSL 'EVP_VerifyFinal'函数签名验证漏洞

BUGTRAQ ID: 33150 CVE ID:CVE-2008-5077 CNCVE ID:CNCVE-20085077 OpenSSL是一款开放源码的SSL实现,用来实现网络通信的高强度加密。 部分OpenSSL函数验证DSA和ECDSA密钥时不正确验证"EVPVerifyFinal"函数返回值,发送特殊构建的签名证书链给客户端,可绕过签名检查。 通过恶意服务器或中间人攻击,可使证书链中的畸形SSL/TLS签名绕过客户端软件检查,导致盲目信任并泄漏敏感信息。 成功利用此漏洞需要服务器使用包含DSA或者ECDSA密钥的证书。 Ubuntu Ubuntu Linux 8.10 spar...

5.8CVSS7.3AI score0.00237EPSS
Exploits1
Rows per page
Query Builder