CVE-2009-0591

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/34460", "name": "34460", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1021907", "name": "1021907", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/34256", "name": "34256", "tags": [], "refsource": "BID"}, {"url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html", "name": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847", "name": "http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/34411", "name": "34411", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/52865", "name": "52865", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2009/0850", "name": "ADV-2009-0850", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.openssl.org/news/secadv_20090325.txt", "name": "http://www.openssl.org/news/secadv_20090325.txt", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/34666", "name": "34666", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.php.net/archive/2009.php#id2009-04-08-1", "name": "http://www.php.net/archive/2009.php#id2009-04-08-1", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2009/1020", "name": "ADV-2009-1020", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2009/1175", "name": "ADV-2009-1175", "tags": [], "refsource": "VUPEN"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html", "name": "SUSE-SR:2009:010", "tags": [], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/35065", "name": "35065", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/35380", "name": "35380", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2009/1548", "name": "ADV-2009-1548", "tags": [], "refsource": "VUPEN"}, {"url": "http://marc.info/?l=bugtraq&m=124464882609472&w=2", "name": "SSRT090059", "tags": [], "refsource": "HP"}, {"url": "http://secunia.com/advisories/35729", "name": "35729", "tags": [], "refsource": "SECUNIA"}, {"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc", "name": "NetBSD-SA2009-008", "tags": [], "refsource": "NETBSD"}, {"url": "http://support.apple.com/kb/HT3865", "name": "http://support.apple.com/kb/HT3865", "tags": [], "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html", "name": "APPLE-SA-2009-09-10-2", "tags": [], "refsource": "APPLE"}, {"url": "http://secunia.com/advisories/36701", "name": "36701", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/42724", "name": "42724", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/42733", "name": "42733", "tags": [], "refsource": "SECUNIA"}, {"url": "https://kb.bluecoat.com/index?page=content&id=SA50", "name": "https://kb.bluecoat.com/index?page=content&id=SA50", "tags": [], "refsource": "CONFIRM"}, {"url": "http://marc.info/?l=bugtraq&m=127678688104458&w=2", "name": "HPSBOV02540", "tags": [], "refsource": "HP"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49432", "name": "openssl-cmsverify-security-bypass(49432)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-0591", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-03-27T16:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:29Z"}