VYPR
Unrated severityNVD Advisory· Published Feb 20, 2009· Updated Jun 16, 2026

CVE-2009-0653

CVE-2009-0653

Description

OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.

Affected products

2
  • cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
    • (no CPE)range: 0.9.6

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.