CVE

CVE-2009-2730

Date: (C)2009-08-12   (M)2024-02-22


libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1022777
http://www.securityfocus.com/archive/1/507985/100/0/threaded
SECUNIA-36266
SECUNIA-36496
RHSA-2009:1232
RHSA-2010:0095
SUSE-SR:2009:015
http://www.openwall.com/lists/oss-security/2009/08/14/6
gnutls-cn-san-security-bypass(52404)
http://article.gmane.org/gmane.network.gnutls.general/1733
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
oval:org.mitre.oval:def:10778
oval:org.mitre.oval:def:8409

CPE    121
cpe:/a:gnu:gnutls:1.0.24
cpe:/a:gnu:gnutls:1.0.25
cpe:/a:gnu:gnutls:1.0.20
cpe:/a:gnu:gnutls:1.0.21
...
CWE    1
CWE-310
OVAL    11
oval:org.secpod.oval:def:201994
oval:org.secpod.oval:def:202774
oval:org.secpod.oval:def:202072
oval:org.secpod.oval:def:202736
...

© SecPod Technologies