Lucene search

K
cve[email protected]CVE-2009-2730
HistoryAug 12, 2009 - 10:30 a.m.

CVE-2009-2730

2009-08-1210:30:01
CWE-310
web.nvd.nist.gov
49
libgnutls
x.509 certificate
ssl
server spoofing
cve-2009-2730
nvd

5.5 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.9%

libgnutls in GnuTLS before 2.8.2 does not properly handle a ‘\0’ character in a domain name in the subject’s (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Affected configurations

NVD
Node
gnugnutlsRange2.8.1
OR
gnugnutlsMatch1.0.16
OR
gnugnutlsMatch1.0.17
OR
gnugnutlsMatch1.0.18
OR
gnugnutlsMatch1.0.19
OR
gnugnutlsMatch1.0.20
OR
gnugnutlsMatch1.0.21
OR
gnugnutlsMatch1.0.22
OR
gnugnutlsMatch1.0.23
OR
gnugnutlsMatch1.0.24
OR
gnugnutlsMatch1.0.25
OR
gnugnutlsMatch1.1.13
OR
gnugnutlsMatch1.1.14
OR
gnugnutlsMatch1.1.15
OR
gnugnutlsMatch1.1.16
OR
gnugnutlsMatch1.1.17
OR
gnugnutlsMatch1.1.18
OR
gnugnutlsMatch1.1.19
OR
gnugnutlsMatch1.1.20
OR
gnugnutlsMatch1.1.21
OR
gnugnutlsMatch1.1.22
OR
gnugnutlsMatch1.1.23
OR
gnugnutlsMatch1.2.0
OR
gnugnutlsMatch1.2.1
OR
gnugnutlsMatch1.2.2
OR
gnugnutlsMatch1.2.3
OR
gnugnutlsMatch1.2.4
OR
gnugnutlsMatch1.2.5
OR
gnugnutlsMatch1.2.6
OR
gnugnutlsMatch1.2.7
OR
gnugnutlsMatch1.2.8
OR
gnugnutlsMatch1.2.8.1a1
OR
gnugnutlsMatch1.2.9
OR
gnugnutlsMatch1.2.10
OR
gnugnutlsMatch1.2.11
OR
gnugnutlsMatch1.3.0
OR
gnugnutlsMatch1.3.1
OR
gnugnutlsMatch1.3.2
OR
gnugnutlsMatch1.3.3
OR
gnugnutlsMatch1.3.4
OR
gnugnutlsMatch1.3.5
OR
gnugnutlsMatch1.4.0
OR
gnugnutlsMatch1.4.1
OR
gnugnutlsMatch1.4.2
OR
gnugnutlsMatch1.4.3
OR
gnugnutlsMatch1.4.4
OR
gnugnutlsMatch1.4.5
OR
gnugnutlsMatch1.5.0
OR
gnugnutlsMatch1.5.1
OR
gnugnutlsMatch1.5.2
OR
gnugnutlsMatch1.5.3
OR
gnugnutlsMatch1.5.4
OR
gnugnutlsMatch1.5.5
OR
gnugnutlsMatch1.6.0
OR
gnugnutlsMatch1.6.1
OR
gnugnutlsMatch1.6.2
OR
gnugnutlsMatch1.6.3
OR
gnugnutlsMatch1.7.0
OR
gnugnutlsMatch1.7.1
OR
gnugnutlsMatch1.7.2
OR
gnugnutlsMatch1.7.3
OR
gnugnutlsMatch1.7.4
OR
gnugnutlsMatch1.7.5
OR
gnugnutlsMatch1.7.6
OR
gnugnutlsMatch1.7.7
OR
gnugnutlsMatch1.7.8
OR
gnugnutlsMatch1.7.9
OR
gnugnutlsMatch1.7.10
OR
gnugnutlsMatch1.7.11
OR
gnugnutlsMatch1.7.12
OR
gnugnutlsMatch1.7.13
OR
gnugnutlsMatch1.7.14
OR
gnugnutlsMatch1.7.15
OR
gnugnutlsMatch1.7.16
OR
gnugnutlsMatch1.7.17
OR
gnugnutlsMatch1.7.18
OR
gnugnutlsMatch1.7.19
OR
gnugnutlsMatch2.0.0
OR
gnugnutlsMatch2.0.1
OR
gnugnutlsMatch2.0.2
OR
gnugnutlsMatch2.0.3
OR
gnugnutlsMatch2.0.4
OR
gnugnutlsMatch2.1.0
OR
gnugnutlsMatch2.1.1
OR
gnugnutlsMatch2.1.2
OR
gnugnutlsMatch2.1.3
OR
gnugnutlsMatch2.1.4
OR
gnugnutlsMatch2.1.5
OR
gnugnutlsMatch2.1.6
OR
gnugnutlsMatch2.1.7
OR
gnugnutlsMatch2.1.8
OR
gnugnutlsMatch2.2.0
OR
gnugnutlsMatch2.2.1
OR
gnugnutlsMatch2.2.2
OR
gnugnutlsMatch2.2.3
OR
gnugnutlsMatch2.2.4
OR
gnugnutlsMatch2.2.5
OR
gnugnutlsMatch2.3.0
OR
gnugnutlsMatch2.3.1
OR
gnugnutlsMatch2.3.2
OR
gnugnutlsMatch2.3.3
OR
gnugnutlsMatch2.3.4
OR
gnugnutlsMatch2.3.5
OR
gnugnutlsMatch2.3.6
OR
gnugnutlsMatch2.3.7
OR
gnugnutlsMatch2.3.8
OR
gnugnutlsMatch2.3.9
OR
gnugnutlsMatch2.3.10
OR
gnugnutlsMatch2.3.11
OR
gnugnutlsMatch2.4.0
OR
gnugnutlsMatch2.4.1
OR
gnugnutlsMatch2.4.2
OR
gnugnutlsMatch2.5.0
OR
gnugnutlsMatch2.6.0
OR
gnugnutlsMatch2.6.1
OR
gnugnutlsMatch2.6.2
OR
gnugnutlsMatch2.6.3
OR
gnugnutlsMatch2.6.4
OR
gnugnutlsMatch2.6.5
OR
gnugnutlsMatch2.6.6
OR
gnugnutlsMatch2.8.0

5.5 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.9%