Lucene search

Veracode Vulnerability DatabaseVERACODE:23034

HistoryApr 10, 2020 - 12:13 a.m.

Spoofable SSL Certificate

2020-04-1000:13:11

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

JSON

SeaMonkey is vulnerable to spoofable SSL certificate. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. SeaMonkey as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which be incorrectly trusted when their site was visited by a victim.

CPENameOperatorVersion
seamonkeyeq1.0.3__0.el4.1
seamonkeyeq1.0.3__0.el3.1
devhelpeq0.10__0.2.el4
firefoxeq1.5.0.5__0.el4.1
thunderbirdeq1.5.0.5__0.el4.2
thunderbirdeq1.5.0.5__0.el4.1
seamonkeyeq1.0.3__0.el4.1
seamonkeyeq1.0.3__0.el3.1
devhelpeq0.10__0.2.el4
firefoxeq1.5.0.5__0.el4.1

Name	Operator	Version
seamonkey	eq	1.0.3__0.el4.1
seamonkey	eq	1.0.3__0.el3.1
devhelp	eq	0.10__0.2.el4
firefox	eq	1.5.0.5__0.el4.1
thunderbird	eq	1.5.0.5__0.el4.2
thunderbird	eq	1.5.0.5__0.el4.1
seamonkey	eq	1.0.3__0.el4.1
seamonkey	eq	1.0.3__0.el3.1
devhelp	eq	0.10__0.2.el4
firefox	eq	1.5.0.5__0.el4.1

Rows per page:

1-10 of 121

References

ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc

secunia.com/advisories/21903

secunia.com/advisories/21906

secunia.com/advisories/21915

secunia.com/advisories/21916

secunia.com/advisories/21939

secunia.com/advisories/21940

secunia.com/advisories/21949

secunia.com/advisories/21950

secunia.com/advisories/22001

secunia.com/advisories/22025

secunia.com/advisories/22036

secunia.com/advisories/22044

secunia.com/advisories/22055

secunia.com/advisories/22056

secunia.com/advisories/22066

secunia.com/advisories/22074

secunia.com/advisories/22088

secunia.com/advisories/22195

secunia.com/advisories/22210

secunia.com/advisories/22226

secunia.com/advisories/22247

secunia.com/advisories/22274

secunia.com/advisories/22299

secunia.com/advisories/22342

secunia.com/advisories/22422

secunia.com/advisories/22446

secunia.com/advisories/22849

secunia.com/advisories/22992

secunia.com/advisories/23883

secunia.com/advisories/24711

security.gentoo.org/glsa/glsa-200609-19.xml

security.gentoo.org/glsa/glsa-200610-01.xml

securitytracker.com/id?1016858

securitytracker.com/id?1016859

securitytracker.com/id?1016860

sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1

sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1

support.avaya.com/elmodocs2/security/ASA-2006-224.htm

support.avaya.com/elmodocs2/security/ASA-2006-250.htm

www.debian.org/security/2006/dsa-1192

www.debian.org/security/2006/dsa-1210

www.gentoo.org/security/en/glsa/glsa-200610-06.xml

www.imc.org/ietf-openpgp/mail-archive/msg14307.html

www.mandriva.com/security/advisories?name=MDKSA-2006:168

www.mandriva.com/security/advisories?name=MDKSA-2006:169

www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/

www.mozilla.org/security/announce/2006/mfsa2006-60.html

www.mozilla.org/security/announce/2006/mfsa2006-66.html

www.novell.com/linux/security/advisories/2006_54_mozilla.html

www.novell.com/linux/security/advisories/2006_55_ssl.html

www.redhat.com/security/updates/classification/#critical

www.redhat.com/support/errata/RHSA-2006-0675.html

www.redhat.com/support/errata/RHSA-2006-0676.html

www.redhat.com/support/errata/RHSA-2006-0677.html

www.securityfocus.com/archive/1/446140/100/0/threaded

www.ubuntu.com/usn/usn-350-1

www.ubuntu.com/usn/usn-351-1

www.ubuntu.com/usn/usn-352-1

www.ubuntu.com/usn/usn-354-1

www.ubuntu.com/usn/usn-361-1

www.us-cert.gov/cas/techalerts/TA06-312A.html

www.us.debian.org/security/2006/dsa-1191

www.vupen.com/english/advisories/2006/3617

www.vupen.com/english/advisories/2006/3622

www.vupen.com/english/advisories/2006/3748

www.vupen.com/english/advisories/2006/3899

www.vupen.com/english/advisories/2007/0293

www.vupen.com/english/advisories/2007/1198

www.vupen.com/english/advisories/2008/0083

www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742

access.redhat.com/errata/RHSA-2006:0676

exchange.xforce.ibmcloud.com/vulnerabilities/30098

issues.rpath.com/browse/RPL-640

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

JSON

Related for VERACODE:23034