MidnightBSD

Advisories for openca

CVE-2003-0960 HIGH

OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openca openca 0.9.0.1
openca openca 0.8.0
openca openca 0.9.1
openca openca 0.9.0
openca openca 0.9.0.2
openca openca 0.8.6
openca openca 0.9.1.3
openca openca 0.8.1
openca openca 0.9.1.2
CVE-2004-0004 HIGH

The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openca openca *
CVE-2004-0787 MEDIUM

Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA 0.9.1-8 and earlier, and 0.9.2 RC6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the form input fields.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openca openca 0.9.0.1
openca openca 0.8.0
openca openca 0.9.0
openca openca 0.9.2_rc6
openca openca 0.9.1.7
openca openca 0.8.1
openca openca 0.9.1.5
openca openca 0.9.1.4
openca openca 0.9.1
openca openca 0.9.0.2
openca openca 0.8.6
openca openca 0.9.1.3
openca openca 0.9.1.8
openca openca 0.9.1.6
openca openca 0.9.1.2