Search for vulnerabilities
Vulnerability details: VCID-rfd5-enzs-aaad
Vulnerability ID VCID-rfd5-enzs-aaad
Aliases CVE-2009-0591
VC-OPENSSL-20090325-CVE-2009-0591
Summary The function CMS_verify() does not correctly handle an error condition involving malformed signed attributes. This will cause an invalid set of signed attributes to appear valid and content digests will not be checked.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-287 Improper Authentication
System Score Found at
epss 0.00786 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.00786 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.00786 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.00786 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.00786 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.00786 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.00786 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.00786 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.00786 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.00786 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.00786 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.00786 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01401 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01401 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01401 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01401 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.01797 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
epss 0.0421 https://api.first.org/data/v1/epss?cve=CVE-2009-0591
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=492623
generic_textual MODERATE https://kb.bluecoat.com/index?page=content&id=SA50
cvssv2 2.6 https://nvd.nist.gov/vuln/detail/CVE-2009-0591
Reference id Reference type URL
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://marc.info/?l=bugtraq&m=124464882609472&w=2
http://marc.info/?l=bugtraq&m=127678688104458&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0591.json
https://api.first.org/data/v1/epss?cve=CVE-2009-0591
http://secunia.com/advisories/34411
http://secunia.com/advisories/34460
http://secunia.com/advisories/34666
http://secunia.com/advisories/35065
http://secunia.com/advisories/35380
http://secunia.com/advisories/35729
http://secunia.com/advisories/36701
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
http://securitytracker.com/id?1021907
https://exchange.xforce.ibmcloud.com/vulnerabilities/49432
https://kb.bluecoat.com/index?page=content&id=SA50
http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847
http://support.apple.com/kb/HT3865
https://www.openssl.org/news/secadv/20090325.txt
http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html
http://www.openssl.org/news/secadv_20090325.txt
http://www.osvdb.org/52865
http://www.php.net/archive/2009.php#id2009-04-08-1
http://www.securityfocus.com/bid/34256
http://www.vupen.com/english/advisories/2009/0850
http://www.vupen.com/english/advisories/2009/1020
http://www.vupen.com/english/advisories/2009/1175
http://www.vupen.com/english/advisories/2009/1548
492623 https://bugzilla.redhat.com/show_bug.cgi?id=492623
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
CVE-2009-0591 https://nvd.nist.gov/vuln/detail/CVE-2009-0591
No exploits are available.
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2009-0591
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.81899
EPSS Score 0.00786
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.