Improper input validation in Entrouvert Lasso

CVE-2009-0050

Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability t…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.013 (67.7th percentile)

Frequently asked questions

What is CVE-2009-0050?
CVE-2009-0050 is a vulnerability in Entrouvert Lasso, classified under Improper Input Validation. Published 2009-01-07.

Is CVE-2009-0050 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.