Computer Security

CVE-2009-3490
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2009-3490
StatusCandidate
DescriptionGNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
SeverityMedium
CVSS score6,8
CVSS vector(AV:N/AC:M/Au:N/C:P/I:P/A:P)
PhaseAssigned (21.08.2010)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3490
ReferencesBID : 36205
 CONFIRM : http://hg.addictivecode.org/wget/mainline/rev/1eab...
 CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=520454
 MLIST : [bug-wget] 20090922 Release: GNU Wget 1.12
 MLIST : [oss-security] 20090903 More CVE-2009-2408 like issues
 MLIST : [oss-security] 20090923 Re: More CVE-2009-2408 like issues
 MLIST : [wget-notify] 20090805 [bug #27183] Wget likely suffers from the \0 SSL cert vulnerability
 OVAL : oval:org.mitre.oval:def:11099
 SECUNIA : 36540
 VUPEN : ADV-2009-2498
SecurityVulns:wget certificate spoofing
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru