CVE

CVE-2013-0166
Date: (C)2013-02-08   (M)2018-05-12


OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score:
Exploit Score:
Impact Score:

CVSS V2 Severity:
CVSS Score: 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V3 Metrics:
Attack Vector:
Attack Complexity:
Privileges Required:
User Interaction:
Scope:
Confidentiality:
Integrity:
Availability:

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-53623
SECUNIA-55108
SECUNIA-55139
APPLE-SA-2013-09-12-1
DSA-2621
HPSBUX02856
HPSBUX02909
IAVM:2013-A-0077
IAVM:2013-A-0139
IAVM:2013-A-0179
IAVM:2013-A-0180
IAVM:2013-A-0181
RHSA-2013:0587
RHSA-2013:0782
RHSA-2013:0783
RHSA-2013:0833
SSRT101104
SSRT101108
SSRT101289
SUSE-SU-2015:0578
VU#737740
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0
http://support.apple.com/kb/HT5880
http://www.openssl.org/news/secadv_20130204.txt
http://www.splunk.com/view/SP-CAAAHXG
https://bugzilla.redhat.com/show_bug.cgi?id=908052
openSUSE-SU-2016:0640

CPE    95
cpe:/a:redhat:openssl:0.9.7a-2
cpe:/a:redhat:openssl:0.9.6b-3
cpe:/a:redhat:openssl:0.9.6-15
cpe:/a:openssl:openssl:1.0.0j
...
CWE    1
CWE-310
OVAL    16
oval:org.secpod.oval:def:15480
oval:org.secpod.oval:def:600964
oval:org.secpod.oval:def:701181
oval:org.secpod.oval:def:701203
...

© SecPod Technologies