Computer Security
[EN] securityvulns.ru
no-pyccku

  

wget certificate spoofing
Published:07.10.2009
Source:
SecurityVulns ID:10295
Type:client
Threat Level:
5/10
Description:It's possible to spoof ceritificate by using NULL character in the Common Name.
Affected:GNU : wget 1.11
CVE:CVE-2009-3490 (GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.)
Original documentdocumentUBUNTU, [USN-842-1] Wget vulnerability (07.10.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru