CVE-2009-0653
Published Feb 20, 2009
Last updated 15 years ago
Overview
- Description
- OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-287
Vendor comments
- Red HatNot vulnerable. This issue was addressed in upstream OpenSSL prior to 0.9.6 and therefore does not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5E4742C-A983-4F00-B24F-AB280C0E876D"
}
],
"operator": "OR"
}
]
}
]