[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-3490Date: (C)2009-09-30   (M)2023-12-22


GNU Wget before 1.12 does not properly handle a '' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-36205
SECUNIA-36540
ADV-2009-2498
http://permalink.gmane.org/gmane.comp.web.wget.general/8972
http://marc.info/?l=oss-security&m=125198917018936&w=2
http://marc.info/?l=oss-security&m=125369675820512&w=2
http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html
http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://bugzilla.redhat.com/show_bug.cgi?id=520454
oval:org.mitre.oval:def:11099

CPE    13
cpe:/a:gnu:wget:1.10
cpe:/a:gnu:wget:1.11
cpe:/a:gnu:wget:1.10.2
cpe:/a:gnu:wget:1.10.1
...
CWE    1
CWE-310
OVAL    15
oval:org.secpod.oval:def:300550
oval:org.secpod.oval:def:300579
oval:org.secpod.oval:def:101458
oval:org.secpod.oval:def:200557
...

© SecPod Technologies