5 matches found
GHSA-HGG6-8X62-M9GF Improper Certificate Validation in Apache CXF
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers...
USN-5402-1: OpenSSL vulnerabilities
Elison Niven discovered that OpenSSL incorrectly handled the crehash script. A local attacker could possibly use this issue to execute arbitrary commands when crehash is run. CVE-2022-1292 Raul Metsma discovered that OpenSSL incorrectly verified certain response signing certificates. A remote...
GHSA-MFM6-R9G2-Q4R7 `OCSP_basic_verify` may incorrectly verify the response signing certificate
The function OCSPbasicverify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSPNOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...
`OCSP_basic_verify` may incorrectly verify the response signing certificate
The function OCSPbasicverify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSPNOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...
RUSTSEC-2022-0027 `OCSP_basic_verify` may incorrectly verify the response signing certificate
The function OCSPbasicverify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSPNOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...