Vulnerability Details: CVE-2009-0051
ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
Products affected by CVE-2009-0051
- cpe:2.3:a:zxid:zxid:*:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.25:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.22:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.15:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.14:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.13:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.28:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.19:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.18:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.27:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.26:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.17:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.16:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.21:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.20:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.12:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.11:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:zxid:zxid:0.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-0051
- EPSS score: 0.09% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~22% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2009-0051
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2009-0051
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-0051
- http://www.securityfocus.com/archive/1/499827/100/0/threaded
- http://www.ocert.org/advisories/ocert-2008-016.html (oCERT archive)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47837 (Multiple vendor OpenSSL DSA_verify() certificate chain validation security bypass CVE-2009-0051 Vulnerability Report)