Lucene search
Ubuntu.comUB:CVE-2009-0653HistoryFeb 20, 2009 - 12:00 a.m.
CVE-2009-0653
2009-02-2000:00:00
ubuntu.com
ubuntu.com
36
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.011
Percentile
85.0%
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an
intermediate CA-signed certificate, which allows remote attackers to spoof
the certificates of trusted sites via a man-in-the-middle attack, a related
issue to CVE-2002-0970.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | upstream says this was fixed in 0.9.5 http://marc.info/?l=openssl-dev&m=123603013118058&w=3 |
Related
debiancve
debiancve
CVE-2009-0653
2009-02-20 19:30:00
cvelist
cvelist
CVE-2009-0653
2009-02-20 19:00:00
CVE-2002-0970
2004-09-01 04:00:00
nvd
nvd
CVE-2009-0653
2009-02-20 19:30:00
CVE-2002-0970
2002-09-24 04:00:00
cve
cve
CVE-2009-0653
2009-02-20 19:30:00
CVE-2002-0970
2004-09-01 04:00:00
prion
prion
Sql injection
2009-02-20 19:30:00
redhatcve
redhatcve
CVE-2009-0653
2015-10-30 10:27:20
nessus
nessus
OpenSSL 0.9.6 CA Basic Constraints Validation Vulnerability
2012-01-04 00:00:00
Debian DSA-155-1 : kdelibs - privacy escalation with Konqueror
2004-09-29 00:00:00
Mandrake Linux Security Advisory : kdelibs (MDKSA-2002:058)
2004-07-31 00:00:00
openvas
openvas
Debian Security Advisory DSA 155-1 (kdelibs)
2008-01-17 00:00:00
Debian Security Advisory DSA 155-1 (kdelibs)
2008-01-17 00:00:00
OpenSSL CA Certificate Security Bypass Vulnerability
2009-03-02 00:00:00
osv
osv
kdelibs - privacy escalation with Konqueror
2002-08-17 00:00:00
redhat
redhat
(RHSA-2003:003) kdelibs security update
2003-02-17 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.011
Percentile
85.0%
Related for UB:CVE-2009-0653