6.7 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
76.6%
DISPUTED NOTE: this issue has been disputed by the upstream vendor.
nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka
libnasl) 2.2.11 does not properly check the return value from the OpenSSL
DSA_do_verify function, which allows remote attackers to bypass validation
of the certificate chain via a malformed SSL/TLS signature, a similar
vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed
this issue, stating βwhile we do misuse this function (this is a bug), it
has absolutely no security ramification.β
Author | Note |
---|---|
mdeslaur | related to CVE-2008-5077 upstream says no security ramifications: http://attrition.org/pipermail/vim/2009-January/002133.html letβs ignore this |