
CVE-2013-0166

Date: (C)2013-02-08   (M)2017-09-22
 
CVSS Score: 5.0
Exploitability Subscore: 10.0
Impact Subscore: 2.9
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

Reference:
SECUNIA-53623
SECUNIA-55108
SECUNIA-55139
APPLE-SA-2013-09-12-1
DSA-2621
HPSBUX02856
HPSBUX02909
IAVM:2013-A-0077
IAVM:2013-A-0139
IAVM:2013-A-0179
IAVM:2013-A-0180
IAVM:2013-A-0181
RHSA-2013:0587
RHSA-2013:0782
RHSA-2013:0783
RHSA-2013:0833
SSRT101104
SSRT101108
SSRT101289
SUSE-SU-2015:0578
VU#737740
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0
http://support.apple.com/kb/HT5880
http://www.openssl.org/news/secadv_20130204.txt
http://www.splunk.com/view/SP-CAAAHXG
https://bugzilla.redhat.com/show_bug.cgi?id=908052
openSUSE-SU-2016:0640

CPE    95
cpe:/a:redhat:openssl:0.9.7a-2
cpe:/a:redhat:openssl:0.9.6b-3
cpe:/a:redhat:openssl:0.9.6-15
cpe:/a:openssl:openssl:1.0.0h
...
CWE    1
CWE-310
OVAL    16
oval:org.secpod.oval:def:104689
oval:org.secpod.oval:def:501010
oval:org.secpod.oval:def:104718
oval:org.secpod.oval:def:1300164
...

© 2013 SecPod Technologies