Summary
This host is running OpenSSL and is prone to a security bypass vulnerability.
Impact
Successful exploitation lets an attacker spoof the SSL certificate and obtain sensitive information from the remote user by inserting a malicious URL in the context of the OpenSSL certificate.
Solution
Upgrade to OpenSSL version 1.0.0 or later.
For further updates, refer to http://www.openssl.org/news
Insight
OpenSSL fails to verify the Basic Constraints for an intermediate CA-signed certificate.
Affected
OpenSSL version 0.9.6 or prior.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-0653
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P