[Forgot Password]
Login  Register Subscribe

23631

 
 

115036

 
 

95906

 
 

909

 
 

77949

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-0089

Date: (C)2009-04-15   (M)2017-10-04
 
CVSS Score: 5.8Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 4.9Authentication: NONE
 Confidentiality: NONE
 Integrity: PARTIAL
 Availability: PARTIAL











Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."

Reference:
SECTRACK-1022041
BID-34437
SECUNIA-34677
ADV-2009-1027
IAVM:2009-A-0034
MS09-013
TA09-104A

CPE    15
cpe:/o:microsoft:windows_vista::sp1
cpe:/o:microsoft:windows_server_2008:::x32
cpe:/o:microsoft:windows_server_2003::sp2:x64
cpe:/o:microsoft:windows_server_2003::sp1:itanium
...
CWE    1
CWE-20
OVAL    2
oval:org.mitre.oval:def:6027
oval:org.secpod.oval:def:2558

© 2013 SecPod Technologies