Vulnerability CVE-2009-2474: Information
Description
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Severity: MEDIUM (5.8)
References to Advisories, Solutions, and Tools
Link | Resource |
---|---|
FEDORA-2009-8815 | |
[neon] 20090818 neon: release 0.28.6 (SECURITY) | |
FEDORA-2009-8794 | |
36371 | |
[neon] 20090818 CVE-2009-2474: fix handling of NUL in SSL cert subject names | |
ADV-2009-2341 | |
MDVSA-2009:221 | |
36079 | |
USN-835-1 | |
36799 | |
http://support.apple.com/kb/HT4435 | |
APPLE-SA-2010-11-10-1 | |
oval:org.mitre.oval:def:11721 | |