CVE-2009-2700

2009-09-0217:30:00

CWE-20

[email protected]

web.nvd.nist.gov

nokia

trolltech

qt 4.x

ssl

vulnerability

cve-2009-2700

nvd

x.509 certificate

man-in-the-middle

spoofing

ssl servers

certification authority

8.5 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

54.7%

JSON

src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a ‘\0’ character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

CPENameOperatorVersion
qt:qtqteq4.2.3
qt:qtqteq4.0.1
qt:qtqteq4.1.0
qt:qtqteq4.1.3
qt:qtqteq4.1.4
qt:qtqteq4.1.1
qt:qtqteq4.1.2
qt:qtqteq4.2.1
qt:qtqteq4.1.5
qt:qtqteq4.3.2