FKIE_CVE-2009-0051
Vulnerability from fkie_nvd - Published: 2009-01-07 18:30 - Updated: 2026-06-16 23:04
Severity
Summary
ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zxid | zxid | * | |
| zxid | zxid | 0.1 | |
| zxid | zxid | 0.2 | |
| zxid | zxid | 0.3 | |
| zxid | zxid | 0.4 | |
| zxid | zxid | 0.5 | |
| zxid | zxid | 0.6 | |
| zxid | zxid | 0.7 | |
| zxid | zxid | 0.8 | |
| zxid | zxid | 0.9 | |
| zxid | zxid | 0.10 | |
| zxid | zxid | 0.11 | |
| zxid | zxid | 0.12 | |
| zxid | zxid | 0.13 | |
| zxid | zxid | 0.14 | |
| zxid | zxid | 0.15 | |
| zxid | zxid | 0.16 | |
| zxid | zxid | 0.17 | |
| zxid | zxid | 0.18 | |
| zxid | zxid | 0.19 | |
| zxid | zxid | 0.20 | |
| zxid | zxid | 0.21 | |
| zxid | zxid | 0.22 | |
| zxid | zxid | 0.25 | |
| zxid | zxid | 0.26 | |
| zxid | zxid | 0.27 | |
| zxid | zxid | 0.28 |
{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "cve@mitre.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zxid:zxid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FBF13B6-C08F-4B37-852A-CFA68C2493FE",
"versionEndIncluding": "0.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BEB522C-2349-4297-AF71-2263968BAEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25720EAB-8656-45CB-983F-458782A44B6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "764ACFF4-BFD6-4FFE-81F3-30092E4023D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8198CC-A1C6-49CB-B473-6C5CEF92BB05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "20660655-9FD4-4264-A689-4D722B16661D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E75A1370-596D-45A2-A4E2-218717498F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "255CCFCC-98B5-466F-9463-0E386C5B8FF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3821FD3-3F2B-43F3-A089-94EE7F60BCFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "83DF2771-1B0E-4AB4-8F1C-32D6365B7A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "00C538E3-BF56-41A8-BD71-6988CF935505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "47A7E3CA-8AC2-4382-8D77-325B1B12418C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "850DE94C-34DF-4C46-8383-2A544B71C5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D00FA7-822A-4743-84C2-7FA4F120F865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "6AAC7BD0-7771-4511-BC69-7A9EB43A8139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "14410832-E77B-4644-B561-B1158DD3BE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "037D3B59-2688-4A4E-A328-426B12F97684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A0E88B-09C6-4533-9409-9498E170C10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CAB4BF-2D00-461A-B906-547560CFA965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "133EDD59-49D9-4FDC-8833-420F3E6B8211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "11DD6C71-8661-44B4-98B9-71E5181D999D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2596C783-B061-45A1-9C75-4A02FDF5D004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "2590DB77-E5C0-4C5A-B1B3-6488F2EEC8E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "CA74ED53-DF05-46A6-9B76-80A9BB40CC57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "C90A5D7D-A08B-46BF-A9A8-18EEADE63284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "70E439D0-A0A9-417F-9DC4-C02BC52589C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zxid:zxid:0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "39FD0D74-FC99-4E2A-BF8B-59B0A485575D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077."
},
{
"lang": "es",
"value": "ZXID versi\u00f3n 0.29 y anteriores, no comprueba apropiadamente el valor devuelto de la funci\u00f3n DSA_verify de OpenSSL, que permite a los atacantes remotos omitir la comprobaci\u00f3n de la cadena de certificados por medio de una firma de SSL/TLS malformada, una vulnerabilidad similar a CVE-2008-5077."
}
],
"id": "CVE-2009-0051",
"lastModified": "2026-06-16T23:04:10.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-01-07T18:30:15.890",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.ocert.org/advisories/ocert-2008-016.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/advisories/ocert-2008-016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47837"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…