Vulnerability Details CVE-2009-0050
Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.9%
CVSS Severity
CVSS v2 Score 4.3
References
- http://www.ocert.org/advisories/ocert-2008-016.html
- http://www.securityfocus.com/archive/1/499827/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47837
- http://www.ocert.org/advisories/ocert-2008-016.html
- http://www.securityfocus.com/archive/1/499827/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47837
Products affected by CVE-2009-0050
-
cpe:2.3:a:entrouvert:lasso:0.4.0
-
cpe:2.3:a:entrouvert:lasso:0.4.1
-
cpe:2.3:a:entrouvert:lasso:0.6.0
-
cpe:2.3:a:entrouvert:lasso:0.6.1
-
cpe:2.3:a:entrouvert:lasso:0.6.2
-
cpe:2.3:a:entrouvert:lasso:0.6.3
-
cpe:2.3:a:entrouvert:lasso:0.6.4
-
cpe:2.3:a:entrouvert:lasso:1.9.9.0
-
cpe:2.3:a:entrouvert:lasso:2.0.0-1
-
cpe:2.3:a:entrouvert:lasso:2.2.1
-
cpe:2.3:a:entrouvert:lasso:2.2.1-0