WEB APPLICATION VULNERABILITIES Standard & Premium

OpenSSL Cryptographic Issues Vulnerability (CVE-2010-0742)

Description

The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.

Remediation

References

Related Vulnerabilities

Joomla! Core Directory Traversal (2.5.0 - 3.9.20)

WordPress Plugin Plug-N-Edit Full Drag & Drop HTML Visual Editor with Web Page Builder WYSIWYG Cross-Site Scripting (5.2.0)

WordPress Plugin 3D Tag Cloud Cross-Site Request Forgery (3.8)

WordPress Plugin Rockhoist Ratings SQL Injection (1.2.1)

Oracle HTTP Server CVE-2007-0280 Vulnerability (CVE-2007-0280)

Severity

High

Classification

CVE-2010-0742

Tags

Missing Update Known Vulnerabilities