VDB
RHSA-2013%3A0782
RHSA-2013%3A0782
PUBLISHED
CVSS 5 MEDIUM
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Risk Scores
CVSS 2.0
5
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Web Platform 5.2 |
Timeline
- May 1, 2013 CVE Published
- Apr 11, 2025 PoC Published
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2013:0782 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=enterpriseweb.platform&version=5.2.0 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=907589 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=908052 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0782.json advisory
- https://access.redhat.com/security/cve/CVE-2013-0166 advisory
- https://www.cve.org/CVERecord?id=CVE-2013-0166 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2013-0166 advisory
- http://www.openssl.org/news/secadv_20130205.txt advisory
- https://access.redhat.com/security/cve/CVE-2013-0169 advisory
- https://www.cve.org/CVERecord?id=CVE-2013-0169 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2013-0169 advisory
- http://www.isg.rhul.ac.uk/tls/ advisory
- https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released advisory