NVD

Id
47982  
Name
CVE-2009-0653  
Description
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2009-02-20  
Modified Date
2009-06-25  
Seq
2009-0653  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
240564 47982 CVE-2009-0653 http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike  View
240565 47982 CVE-2009-0653 https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
40365 JVNDB-2009-001371 OpenSSL における中間認証局が署名した証明書の基本制約を検証しない脆弱性 OpenSSL には、中間認証局が署名した証明書の基本制約を検証しない脆弱性が存在します。 CVE-2009-0653 38084 CVE-2009-0653 47982 6.4 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001371.html 2009-02-20 2009-06-30 View