Lucene search

K
cveMitreCVE-2009-3490
HistorySep 30, 2009 - 3:30 p.m.

CVE-2009-3490

2009-09-3015:30:00
CWE-310
mitre
web.nvd.nist.gov
50
gnu wget
cve-2009-3490
ssl servers
x.509 certificate
nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.1

Confidence

High

EPSS

0.004

Percentile

74.1%

GNU Wget before 1.12 does not properly handle a ‘\0’ character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Affected configurations

Nvd
Node
gnuwgetRange1.11.4
OR
gnuwgetMatch1.5.3
OR
gnuwgetMatch1.6
OR
gnuwgetMatch1.7
OR
gnuwgetMatch1.7.1
OR
gnuwgetMatch1.8
OR
gnuwgetMatch1.8.1
OR
gnuwgetMatch1.9
OR
gnuwgetMatch1.9.1
OR
gnuwgetMatch1.10
OR
gnuwgetMatch1.10.1
OR
gnuwgetMatch1.10.2
OR
gnuwgetMatch1.11
OR
gnuwgetMatch1.11.1
OR
gnuwgetMatch1.11.2
OR
gnuwgetMatch1.11.3
VendorProductVersionCPE
gnuwget*cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*
gnuwget1.5.3cpe:2.3:a:gnu:wget:1.5.3:*:*:*:*:*:*:*
gnuwget1.6cpe:2.3:a:gnu:wget:1.6:*:*:*:*:*:*:*
gnuwget1.7cpe:2.3:a:gnu:wget:1.7:*:*:*:*:*:*:*
gnuwget1.7.1cpe:2.3:a:gnu:wget:1.7.1:*:*:*:*:*:*:*
gnuwget1.8cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*
gnuwget1.8.1cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*
gnuwget1.9cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*
gnuwget1.9.1cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*
gnuwget1.10cpe:2.3:a:gnu:wget:1.10:*:*:*:*:*:*:*
Rows per page:
1-10 of 161

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.1

Confidence

High

EPSS

0.004

Percentile

74.1%