CVE-2003-0960 - Unspecified vulnerability in Openca

CVSS: 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates.

Nessus

NASL family: CGI abuses
NASL id: OPENCA_MULT_SIGN_FLAWS.NASL
description: The remote host seems to be running an older version of OpenCA. It is reported that OpenCA versions up to and including 0.9.1.3 contain multiple flaws that may allow revoked or expired certificates to be accepted as valid.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14714
published: 2004-09-13
reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/14714
title: OpenCA Multiple Signature Validation Bypass
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(14714);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

  script_cve_id("CVE-2003-0960");
  script_bugtraq_id(9123);

  script_name(english:"OpenCA Multiple Signature Validation Bypass");
  script_summary(english:"Checks for the version of OpenCA");

  script_set_attribute(attribute:"synopsis", value:
"The remote application is vulnerable to several flaws.");
  script_set_attribute(attribute:"description", value:
"The remote host seems to be running an older version of OpenCA.

It is reported that OpenCA versions up to and including 0.9.1.3 contain
multiple flaws that may allow revoked or expired certificates to be
accepted as valid.");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the newest version of this software.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/13");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/01");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();
 
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2020 Tenable Network Security, Inc.");
  script_family(english:"CGI abuses");

  script_dependencie("openca_html_injection.nasl");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("http_func.inc");

port = get_http_port(default:80, embedded:TRUE);
if (!get_port_state(port)) exit(0);

version = get_kb_item("www/" + port + "/openca/version");
if ( ! version ) exit(0);


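# Flag versions up to and including 0.9.1.3. The "([^0-9]|$)" alternative also
# matches a version string that ends right after the last digit (e.g. "0.9.1.3").
if ( egrep(pattern:"(0\.[0-8]\.|0\.9\.(0|1$|1\.[1-3]([^0-9]|$)))", string:version) ) security_hole(port);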

Packetstorm

data source: https://packetstormsecurity.com/files/download/32282/_BSSADV-0000.txt
id: PACKETSTORM:32282
last seen: 2016-12-05
published: 2003-12-01
reporter: The Bugtraq Team
source: https://packetstormsecurity.com/files/32282/_BSSADV-0000.txt.html
title: _BSSADV-0000.txt