Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has absolutely no security ramification.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Nessus授权问题漏洞
Vulnerability Description
Tenable Network Security Nessus是美国Tenable Network Security公司的一款开源的系统漏洞扫描器。 Nessus Attack Scripting Language library 没有正确处理函数OpenSSL DSA_do_verify返回值,使系统存在授权问题漏洞。远程攻击者可以通过伪造SSL/TLS签名绕过证书链表符合性检查。
CVSS Information
N/A
Vulnerability Type
N/A