[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-0089

Date: (C)2009-04-15   (M)2017-10-04 


Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."

CVSS Score: 5.8Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 4.9Authentication: NONE
 Confidentiality: NONE
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
SECTRACK-1022041
BID-34437
SECUNIA-34677
ADV-2009-1027
IAVM:2009-A-0034
MS09-013
TA09-104A

CPE    15
cpe:/o:microsoft:windows_vista::gold
cpe:/o:microsoft:windows_server_2008:::itanium
cpe:/o:microsoft:windows_server_2008:::x32
cpe:/o:microsoft:windows_server_2008:::x64
...
CWE    1
CWE-20
OVAL    2
oval:org.mitre.oval:def:6027
oval:org.secpod.oval:def:2558

© 2013 SecPod Technologies