{ "id": "CVE-2009-0051", "sourceIdentifier": "cve@mitre.org", "published": "2009-01-07T18:30:15.890", "lastModified": "2018-10-11T20:59:48.983", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077." }, { "lang": "es", "value": "ZXID versi\u00f3n 0.29 y anteriores, no comprueba apropiadamente el valor devuelto de la funci\u00f3n DSA_verify de OpenSSL, que permite a los atacantes remotos omitir la comprobaci\u00f3n de la cadena de certificados por medio de una firma de SSL/TLS malformada, una vulnerabilidad similar a CVE-2008-5077." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-287" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:*:*:*:*:*:*:*:*", "versionEndIncluding": "0.29", "matchCriteriaId": "5FBF13B6-C08F-4B37-852A-CFA68C2493FE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3BEB522C-2349-4297-AF71-2263968BAEB8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "25720EAB-8656-45CB-983F-458782A44B6D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "764ACFF4-BFD6-4FFE-81F3-30092E4023D0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4F8198CC-A1C6-49CB-B473-6C5CEF92BB05" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "20660655-9FD4-4264-A689-4D722B16661D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E75A1370-596D-45A2-A4E2-218717498F69" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "255CCFCC-98B5-466F-9463-0E386C5B8FF9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3821FD3-3F2B-43F3-A089-94EE7F60BCFB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "83DF2771-1B0E-4AB4-8F1C-32D6365B7A59" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "00C538E3-BF56-41A8-BD71-6988CF935505" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "47A7E3CA-8AC2-4382-8D77-325B1B12418C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "850DE94C-34DF-4C46-8383-2A544B71C5A9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "F9D00FA7-822A-4743-84C2-7FA4F120F865" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "6AAC7BD0-7771-4511-BC69-7A9EB43A8139" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "14410832-E77B-4644-B561-B1158DD3BE22" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "037D3B59-2688-4A4E-A328-426B12F97684" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "F6A0E88B-09C6-4533-9409-9498E170C10E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "A6CAB4BF-2D00-461A-B906-547560CFA965" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.19:*:*:*:*:*:*:*", "matchCriteriaId": "133EDD59-49D9-4FDC-8833-420F3E6B8211" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.20:*:*:*:*:*:*:*", "matchCriteriaId": "11DD6C71-8661-44B4-98B9-71E5181D999D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "2596C783-B061-45A1-9C75-4A02FDF5D004" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "2590DB77-E5C0-4C5A-B1B3-6488F2EEC8E9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.25:*:*:*:*:*:*:*", "matchCriteriaId": "CA74ED53-DF05-46A6-9B76-80A9BB40CC57" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.26:*:*:*:*:*:*:*", "matchCriteriaId": "C90A5D7D-A08B-46BF-A9A8-18EEADE63284" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.27:*:*:*:*:*:*:*", "matchCriteriaId": "70E439D0-A0A9-417F-9DC4-C02BC52589C5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zxid:zxid:0.28:*:*:*:*:*:*:*", "matchCriteriaId": "39FD0D74-FC99-4E2A-BF8B-59B0A485575D" } ] } ] } ], "references": [ { "url": "http://www.ocert.org/advisories/ocert-2008-016.html", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded", "source": "cve@mitre.org" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47837", "source": "cve@mitre.org" } ] }