CVE-2009-0161 : The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterp

The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate.

Published 2009-05-13 15:30:01

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2009-0161

Apple » Mac Os X » Version: 10.5.5
cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.6
cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.0
cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.3
cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.4
cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.1
cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.2
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.4.11
cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.5.1
cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.5.2
cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.5.3
cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.5.6
cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.5.4
cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server » Version: 10.5.0
cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-0161

EPSS FAQ

0.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 37 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-0161

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.4	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:P	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2009-0161

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-0161

http://secunia.com/advisories/35074

About Secunia Research | Flexera

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/1297

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
http://www.securityfocus.com/bid/34926

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

Patch;Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/50592
http://support.apple.com/kb/HT3549

About the security content of Security Update 2009-002 / Mac OS X v10.5.7 - Apple Support
Patch;Vendor Advisory

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA09-133A.html

Apple Updates for Multiple Vulnerabilities | CISA
US Government Resource

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2009-0161

Products affected by CVE-2009-0161

Exploit prediction scoring system (EPSS) score for CVE-2009-0161

CVSS scores for CVE-2009-0161

CWE ids for CVE-2009-0161

References for CVE-2009-0161