Computer Security
[EN] securityvulns.ru no-pyccku


Nokia Trolltech Qt4 SSL certificate spoofing
Published:09.09.2009
Source:
SecurityVulns ID:10216
Type:library
Threat Level:
5/10
Description:certificate spoofing with \0 symbol in domain name.
Affected:QT : QT 4.5
CVE:CVE-2009-2700 (src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:225 ] qt4 (09.09.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod