Lucene search

[email protected]NVD:CVE-2008-5077

HistoryJan 07, 2009 - 5:30 p.m.

CVE-2008-5077

2009-01-0717:30:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

7.5

Confidence

High

EPSS

0.007

Percentile

81.0%

JSON

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

Affected configurations

Nvd

Node

opensslopensslRange≤0.9.8h

opensslopensslMatch0.9.1c

opensslopensslMatch0.9.2b

opensslopensslMatch0.9.3

opensslopensslMatch0.9.3a

opensslopensslMatch0.9.4

opensslopensslMatch0.9.5

opensslopensslMatch0.9.5beta1

opensslopensslMatch0.9.5beta2

opensslopensslMatch0.9.5a

opensslopensslMatch0.9.5abeta1

opensslopensslMatch0.9.5abeta2

opensslopensslMatch0.9.6

opensslopensslMatch0.9.6beta1

opensslopensslMatch0.9.6beta2

opensslopensslMatch0.9.6beta3

opensslopensslMatch0.9.6a

opensslopensslMatch0.9.6abeta1

opensslopensslMatch0.9.6abeta2

opensslopensslMatch0.9.6abeta3

opensslopensslMatch0.9.6b

opensslopensslMatch0.9.6c

opensslopensslMatch0.9.6d

opensslopensslMatch0.9.6e

opensslopensslMatch0.9.6f

opensslopensslMatch0.9.6g

opensslopensslMatch0.9.6h

opensslopensslMatch0.9.6i

opensslopensslMatch0.9.6j

opensslopensslMatch0.9.6k

opensslopensslMatch0.9.6l

opensslopensslMatch0.9.6m

opensslopensslMatch0.9.7

opensslopensslMatch0.9.7beta1

opensslopensslMatch0.9.7beta2

opensslopensslMatch0.9.7beta3

opensslopensslMatch0.9.7beta4

opensslopensslMatch0.9.7beta5

opensslopensslMatch0.9.7beta6

opensslopensslMatch0.9.7a

opensslopensslMatch0.9.7b

opensslopensslMatch0.9.7c

opensslopensslMatch0.9.7d

opensslopensslMatch0.9.7e

opensslopensslMatch0.9.7f

opensslopensslMatch0.9.7g

opensslopensslMatch0.9.7h

opensslopensslMatch0.9.7i

opensslopensslMatch0.9.7j

opensslopensslMatch0.9.7k

opensslopensslMatch0.9.7l

opensslopensslMatch0.9.8

opensslopensslMatch0.9.8a

opensslopensslMatch0.9.8b

opensslopensslMatch0.9.8c

opensslopensslMatch0.9.8d

opensslopensslMatch0.9.8e

opensslopensslMatch0.9.8f

opensslopensslMatch0.9.8g

VendorProductVersionCPE
opensslopenssl*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
opensslopenssl0.9.1ccpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
opensslopenssl0.9.2bcpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
opensslopenssl0.9.3cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
opensslopenssl0.9.3acpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
opensslopenssl0.9.4cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
opensslopenssl0.9.5cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
opensslopenssl0.9.5cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
opensslopenssl0.9.5cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
opensslopenssl0.9.5acpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openssl	openssl	*	cpe:2.3:a:openssl:openssl::::::::
openssl	openssl	0.9.1c	cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
openssl	openssl	0.9.2b	cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
openssl	openssl	0.9.3	cpe:2.3:a:openssl:openssl:0.9.3:::::::*
openssl	openssl	0.9.3a	cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
openssl	openssl	0.9.4	cpe:2.3:a:openssl:openssl:0.9.4:::::::*
openssl	openssl	0.9.5	cpe:2.3:a:openssl:openssl:0.9.5:::::::*
openssl	openssl	0.9.5	cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
openssl	openssl	0.9.5	cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
openssl	openssl	0.9.5a	cpe:2.3:a:openssl:openssl:0.9.5a:::::::*

Rows per page:

1-10 of 591

References

lists.apple.com/archives/security-announce/2009/May/msg00002.html

lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

marc.info/?l=bugtraq&m=123859864430555&w=2

marc.info/?l=bugtraq&m=124277349419254&w=2

marc.info/?l=bugtraq&m=127678688104458&w=2

secunia.com/advisories/33338

secunia.com/advisories/33394

secunia.com/advisories/33436

secunia.com/advisories/33557

secunia.com/advisories/33673

secunia.com/advisories/33765

secunia.com/advisories/34211

secunia.com/advisories/35074

secunia.com/advisories/35108

secunia.com/advisories/39005

security.gentoo.org/glsa/glsa-200902-02.xml

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.544796

sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1

support.apple.com/kb/HT3549

support.avaya.com/elmodocs2/security/ASA-2009-038.htm

support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653

voodoo-circle.sourceforge.net/sa/sa-20090123-01.html

www.ocert.org/advisories/ocert-2008-016.html

www.openssl.org/news/secadv_20090107.txt

www.redhat.com/support/errata/RHSA-2009-0004.html

www.securityfocus.com/archive/1/499827/100/0/threaded

www.securityfocus.com/archive/1/502322/100/0/threaded

www.securityfocus.com/bid/33150

www.securitytracker.com/id?1021523

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vmware.com/security/advisories/VMSA-2009-0004.html

www.vupen.com/english/advisories/2009/0040

www.vupen.com/english/advisories/2009/0289

www.vupen.com/english/advisories/2009/0362

www.vupen.com/english/advisories/2009/0558

www.vupen.com/english/advisories/2009/0904

www.vupen.com/english/advisories/2009/0913

www.vupen.com/english/advisories/2009/1297

www.vupen.com/english/advisories/2009/1338

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6380

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9155

usn.ubuntu.com/704-1/

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

7.5

Confidence

High

EPSS

0.007

Percentile

81.0%

JSON

Related for NVD:CVE-2008-5077