[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87888

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2009-0089Date: (C)2009-04-15   (M)2018-05-14


Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1022041
BID-34437
SECUNIA-34677
ADV-2009-1027
IAVM:2009-A-0034
MS09-013
TA09-104A

CPE    15
cpe:/o:microsoft:windows_vista::gold
cpe:/o:microsoft:windows_2000::sp4
cpe:/o:microsoft:windows_xp::sp2
cpe:/o:microsoft:windows_server_2008:::x32
...
CWE    1
CWE-20
OVAL    2
oval:org.secpod.oval:def:2558
oval:org.mitre.oval:def:6027

© SecPod Technologies