25 matches found
OpenSSL 0.9.8 < 0.9.8k Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 0.9.8k. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.8k advisory. - OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remo...
PT-2009-1169 · Bouncy Castle · Crypto Provider Package +1
Name of the Vulnerable Software and Affected Versions: Bouncy Castle Java Cryptography API versions prior to 1.38 Crypto Provider Package versions prior to 1.36 Description: The issue is related to a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes, which has...
CVE-2009-0591
The CMSverify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid...
CVE-2009-0591
The CMSverify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid...
Vulnerability in OpenSSL CVE-2009-0591
The function CMSverify does not correctly handle an error condition involving malformed signed attributes. This will cause an invalid set of signed attributes to appear valid and content digests will not be checked. Found by Ivan Nestlerode, IBM...