CVE-2004-0004

{"id": "CVE-2004-0004", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2004-02-17T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=107427313700554&w=2", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/336446", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.openca.org/news/CAN-2004-0004.txt", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/3615", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/9435", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14847", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=107427313700554&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/336446", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openca.org/news/CAN-2004-0004.txt", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/3615", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/9435", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14847", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users."}, {"lang": "es", "value": "La funci\u00f3n libCheckSignature en crypto-utils.lib de OpenCA 0.9.1.6 y anteriores s\u00f3lo compara el n\u00famero de serie del certificado del firmante y el de la base de datos, lo que puede causar que OpenCA acepte una firma de manera incorrecta si la cadena del certificado es de confianza para el directorio de cadenas de OpenCA, permitiendo a atacantes remotos suplantar peticiones de otros usuarios."}], "lastModified": "2024-11-20T23:47:33.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openca:openca:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "683731EC-7E2E-42F8-B6A7-4EAD0E0D9AD1", "versionEndIncluding": "0.9.1.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}