CVE-2004-0590

Опубликовано: 06 дек. 2004

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.

Ссылки

http://security.gentoo.org/glsa/glsa-200406-20.xml
Patch
Vendor Advisory
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070
Patch
Vendor Advisory
http://www.openswan.org/support/vuln/can-2004-0590/
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16515
http://security.gentoo.org/glsa/glsa-200406-20.xml
Patch
Vendor Advisory
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070
Patch
Vendor Advisory
http://www.openswan.org/support/vuln/can-2004-0590/
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16515

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:frees_wan:frees_wan:1:*:*:*:*:*:*:*

cpe:2.3:a:frees_wan:frees_wan:2:*:*:*:*:*:*:*

cpe:2.3:a:frees_wan:super_frees_wan:1:*:*:*:*:*:*:*

cpe:2.3:a:openswan:openswan:1:*:*:*:*:*:*:*

cpe:2.3:a:openswan:openswan:2:*:*:*:*:*:*:*

cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*

Версия до 2.1.2 (включая)

EPSS

Процентиль: 68%

0.00579

Низкий

10 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2004-0590

debian

почти 21 год назад

FreeS/WAN 1.x and 2.x, and other related products including superfrees ...

GHSA-5qp2-wwm4-h7fm

github

больше 3 лет назад