Summary
This host is running OpenSSL and is prone to a security bypass vulnerability.
Impact
Successful exploitation will let the attacker spoof the SSL certificate and gain sensitive information of the remote user by inserting a malicious URL in the context of the OpenSSL certificate.
Solution
Upgrade to OpenSSL version 1.0.0 or later.
For further updates, refer to http://www.openssl.org/news
Insight
OpenSSL fails to verify the Basic Constraints for an intermediate CA-signed certificate.
Affected
OpenSSL version 0.9.6 or prior.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-0653
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P