[Forgot Password]
Login  Register Subscribe

23631

 
 

127000

 
 

102010

 
 

909

 
 

81341

 
 

133

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2009-0089Date: (C)2009-04-15   (M)2018-02-19


Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score  : CVSS Score  : 5.8
Exploit Score: Exploit Score: 8.6
Impact Score : Impact Score : 4.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: NONE
Scope: Integrity: PARTIAL
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  





Reference:
SECTRACK-1022041
BID-34437
SECUNIA-34677
ADV-2009-1027
IAVM:2009-A-0034
MS09-013
TA09-104A

CPE    15
cpe:/o:microsoft:windows_vista::gold
cpe:/o:microsoft:windows_server_2003::sp1:itanium
cpe:/o:microsoft:windows_server_2003:::x64
cpe:/o:microsoft:windows_server_2008:::x32
...
CWE    1
CWE-20
OVAL    2
oval:org.mitre.oval:def:6027
oval:org.secpod.oval:def:2558

© 2013 SecPod Technologies