Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2009-2702HistorySep 08, 2009 - 6:30 p.m.
CVE-2009-2702
2009-09-0818:30:00
Debian Security Bug Tracker
security-tracker.debian.org
15
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
32.2%
KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a ‘\0’ character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | all | kde4libs | < 4:4.3.2-1 | kde4libs_4:4.3.2-1_all.deb |
Related
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2009-09-08 18:30:00
Code injection
2009-07-30 19:30:00
Design/Logic Flaw
2011-03-16 22:55:00
cve
cve
nessus
nessus
Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2011:162)
2011-11-02 00:00:00
Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:028)
2010-07-30 00:00:00
openvas
openvas
Mandriva Update for kdelibs4 MDVSA-2011:162 (kdelibs4)
2011-11-03 00:00:00
Mandriva Update for kdelibs4 MDVSA-2011:162 (kdelibs4)
2011-11-03 00:00:00
Mandriva Update for kdelibs4 MDVSA-2010:028 (kdelibs4)
2010-01-29 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: kdebase-4.3.1-2.fc10
2009-09-15 07:41:19
[SECURITY] Fedora 11 Update: kdeadmin-4.3.1-1.fc11
2009-09-15 07:39:23
[SECURITY] Fedora 10 Update: kdeaccessibility-4.3.1-1.fc10
2009-09-15 07:41:19
debian
debian
[SECURITY] [DSA 1916-1] New kdelibs packages fix SSL certificate verification weakness
2009-10-24 00:12:00
[Backports-security-announce] Security Update for proftpd-dfsg
2010-01-26 21:06:44
[Backports-security-announce] Security Update for proftpd-dfsg
2010-01-26 21:30:08
ubuntu
ubuntu
KDE-Libs vulnerability
2009-09-17 00:00:00
mozilla
mozilla
Compromise of SSL-protected communication — Mozilla
2009-08-01 00:00:00
threatpost
threatpost
Apple Safari
2009-12-29 21:50:26
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:33:40
seebug
seebug
Mozilla Firefox NULL字符CA SSL证书验证安全绕过漏洞
2009-07-31 00:00:00
debiancve
debiancve
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-42
2009-08-07 00:00:00
KDE KSSL certificate spoofing
2011-04-11 00:00:00
fetchmail security announcement fetchmail-SA-2009-01 (CVE-2009-2666)
2009-08-08 00:00:00
exploitdb
exploitdb
f5
f5
SOL14909 - OpenSSL vulnerability CVE-2013-4248
2014-01-15 00:00:00
K15683 : Ruby vulnerability CVE-2013-4073
2014-10-09 00:00:00
K15638 : Python vulnerability CVE-2013-4238
2014-10-17 00:00:00
aix
aix
Vulnerability in Diffie-Hellman ciphers affects sendmail on VIOS
2010-03-29 15:54:57
talos
talos
Randombit Botan Library X509 Certificate Validation Bypass Vulnerability
2017-04-28 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
32.2%
Related for DEBIANCVE:CVE-2009-2702