Vulnerabilities > CVE-2003-0960 - Unspecified vulnerability in Openca
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 9 |
Nessus
NASL family | CGI abuses |
NASL id | OPENCA_MULT_SIGN_FLAWS.NASL |
description | The remote host seems to be running an older version of OpenCA. It is reported that OpenCA versions up to and incluing 0.9.1.3 contains multiple flaws that may allow revoked or expired certificates to be accepted as valid. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14714 |
published | 2004-09-13 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14714 |
title | OpenCA Multiple Signature Validation Bypass |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/32282/_BSSADV-0000.txt |
id | PACKETSTORM:32282 |
last seen | 2016-12-05 |
published | 2003-12-01 |
reporter | The Bugtraq Team |
source | https://packetstormsecurity.com/files/32282/_BSSADV-0000.txt.html |
title | _BSSADV-0000.txt |