[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-2973Date: (C)2009-08-27   (M)2023-12-22


Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.4
Exploit Score: 10.0
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-36417
ADV-2009-2420
google-chrome-algorithm-spoofing(52903)
http://code.google.com/p/chromium/issues/detail?id=18725
http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html

CPE    30
cpe:/a:google:chrome:0.2.149.30
cpe:/a:google:chrome:1.0.154.39
cpe:/a:google:chrome:1.0.154.59
cpe:/a:google:chrome:1.0.154.36
...
CWE    1
CWE-310
OVAL    4
oval:org.secpod.oval:def:36807
oval:org.secpod.oval:def:36806
oval:org.secpod.oval:def:33084
oval:org.secpod.oval:def:33085
...

© SecPod Technologies