exploitDog

CVE-2009-0046

Опубликовано: 07 янв. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sun:grid_engine:*:*:*:*:*:*:*:*

Версия до 5.3 (включая)

cpe:2.3:a:sun:grid_engine:5.3:beta1:*:*:*:*:*:*

cpe:2.3:a:sun:grid_engine:5.3:beta2:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00088

Низкий

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

CVE-2009-0046

ubuntu

почти 17 лет назад

Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.

GHSA-9wmh-wp74-54qv

github

больше 3 лет назад

Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.

EPSS

Процентиль: 26%

0.00088

Низкий

5 Medium

CVSS2

Дефекты

CWE-287