CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
OpenSSL is vulnerable to CRL validation bypass. An uninitialized variable use flaw was found in OpenSSL. This flaw could cause an application using the OpenSSL Certificate Revocation List (CRL) checking functionality to incorrectly accept a CRL that has a nextUpdate date in the past.
CPE

Name | Operator | Version |
---|---|---|
openssl | eq | 1.0.0__4.el6 |
openssl | eq | 1.0.0__4.el6_0.2 |
openssl | eq | 1.0.0__4.el6_0.1 |
cvs.openssl.org/chngview?cn=21349
lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html
lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html
lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
marc.info/?l=bugtraq&m=133226187115472&w=2
openssl.org/news/secadv_20110906.txt
secunia.com/advisories/45956
secunia.com/advisories/57353
support.apple.com/kb/HT5784
www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
www.mandriva.com/security/advisories?name=MDVSA-2011:137
www.redhat.com/support/errata/RHSA-2011-1409.html
www.securitytracker.com/id?1026012
access.redhat.com/errata/RHSA-2011:1409
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=736087