Description

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

Remediation

References

CVE-2008-5077

Related Vulnerabilities

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.7)

WordPress Plugin WooCommerce Salesforce Integration Cross-Site Scripting (1.5.8)

MySQL CVE-2017-3238 Vulnerability (CVE-2017-3238)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3757)

PHP Other Vulnerability (CVE-2015-2787)

Severity

Medium

Classification

CVE-2008-5077 CWE-20

Tags

Missing Update Known Vulnerabilities