Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2009-3941

Опубликовано: 16 нояб. 2009
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5

Описание

Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

1.0.28-1
cosmic

not-affected

1.0.28-1
dapper

DNE

devel

not-affected

1.0.28-1
esm-apps/bionic

not-affected

1.0.28-1
esm-apps/xenial

not-affected

1.0.28-1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected [1.0.28-1]]
hardy

ignored

end of life
intrepid

ignored

end of life, was needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 35%
0.00139
Низкий

5 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2009-3941

redhat
около 16 лет назад

Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

nvd логотип

CVE-2009-3941

nvd
около 16 лет назад

Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

debian логотип

CVE-2009-3941

debian
около 16 лет назад

Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not prop ...

github логотип

GHSA-37wj-ffhc-82xv

github
больше 3 лет назад

Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

EPSS

Процентиль: 35%
0.00139
Низкий

5 Medium

CVSS2