admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2004/CVE-2004-00xx/CVE-2004-0004.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

147 lines
4.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2004-0004",
"sourceIdentifier": "cve@mitre.org",
"published": "2004-02-17T05:00:00.000",
"lastModified": "2024-11-20T23:47:33.790",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users."
},
{
"lang": "es",
"value": "La funci\u00f3n libCheckSignature en crypto-utils.lib de OpenCA 0.9.1.6 y anteriores s\u00f3lo compara el n\u00famero de serie del certificado del firmante y el de la base de datos, lo que puede causar que OpenCA acepte una firma de manera incorrecta si la cadena del certificado es de confianza para el directorio de cadenas de OpenCA, permitiendo a atacantes remotos suplantar peticiones de otros usuarios."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": true,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openca:openca:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.9.1.6",
"matchCriteriaId": "683731EC-7E2E-42F8-B6A7-4EAD0E0D9AD1"
}
]
}
]
}
],
"references": [
{
"url": "http://marc.info/?l=bugtraq&m=107427313700554&w=2",
"source": "cve@mitre.org"
},
{
"url": "http://www.kb.cert.org/vuls/id/336446",
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
]
},
{
"url": "http://www.openca.org/news/CAN-2004-0004.txt",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://www.osvdb.org/3615",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/9435",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14847",
"source": "cve@mitre.org"
},
{
"url": "http://marc.info/?l=bugtraq&m=107427313700554&w=2",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.kb.cert.org/vuls/id/336446",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
]
},
{
"url": "http://www.openca.org/news/CAN-2004-0004.txt",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://www.osvdb.org/3615",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.securityfocus.com/bid/9435",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14847",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
Reference in New Issue View Git Blame Copy Permalink