Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2009-3942

Опубликовано: 16 нояб. 2009
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.4

Описание

Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

РелизСтатусПримечание
dapper

ignored

end of life
devel

not-affected

1.4.19-1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected [1.4.19-1]]
hardy

ignored

end of life
intrepid

ignored

end of life, was needed
jaunty

ignored

end of life
karmic

ignored

end of life
lucid

not-affected

1.4.19-1
maverick

ignored

end of life
natty

ignored

end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 41%
0.0019
Низкий

6.4 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2009-3942

redhat
около 16 лет назад

Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

nvd логотип

CVE-2009-3942

nvd
около 16 лет назад

Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

debian логотип

CVE-2009-3942

debian
около 16 лет назад

Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not pro ...

github логотип

GHSA-fq9p-mw8p-ccwj

github
больше 3 лет назад

Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

EPSS

Процентиль: 41%
0.0019
Низкий

6.4 Medium

CVSS2