Lucene search

[email protected]NVD:CVE-2009-2417

HistoryAug 14, 2009 - 3:16 p.m.

CVE-2009-2417

2009-08-1415:16:27

CWE-310

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.4%

JSON

lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a ‘\0’ character in a domain name in the subject’s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Affected configurations

NVD

Node

curllibcurlMatch7.4

curllibcurlMatch7.4.1

curllibcurlMatch7.4.2

curllibcurlMatch7.5

curllibcurlMatch7.5.1

curllibcurlMatch7.5.2

curllibcurlMatch7.6

curllibcurlMatch7.6.1

curllibcurlMatch7.7

curllibcurlMatch7.7.1

curllibcurlMatch7.7.2

curllibcurlMatch7.7.3

curllibcurlMatch7.8

curllibcurlMatch7.8.1

curllibcurlMatch7.9

curllibcurlMatch7.9.1

curllibcurlMatch7.9.2

curllibcurlMatch7.9.3

curllibcurlMatch7.9.5

curllibcurlMatch7.9.6

curllibcurlMatch7.9.7

curllibcurlMatch7.9.8

curllibcurlMatch7.10

curllibcurlMatch7.10.1

curllibcurlMatch7.10.2

curllibcurlMatch7.10.3

curllibcurlMatch7.10.4

curllibcurlMatch7.10.5

curllibcurlMatch7.10.6

curllibcurlMatch7.10.7

curllibcurlMatch7.10.8

curllibcurlMatch7.11.0

curllibcurlMatch7.11.1

curllibcurlMatch7.11.2

curllibcurlMatch7.12

curllibcurlMatch7.12.0

curllibcurlMatch7.12.1

curllibcurlMatch7.12.2

curllibcurlMatch7.12.3

curllibcurlMatch7.13

curllibcurlMatch7.13.1

curllibcurlMatch7.13.2

curllibcurlMatch7.14

curllibcurlMatch7.14.1

curllibcurlMatch7.15

curllibcurlMatch7.15.1

curllibcurlMatch7.15.2

curllibcurlMatch7.15.3

curllibcurlMatch7.16.3

curllibcurlMatch7.17.0

curllibcurlMatch7.17.1

curllibcurlMatch7.18.0

curllibcurlMatch7.18.1

curllibcurlMatch7.18.2

curllibcurlMatch7.19.0

curllibcurlMatch7.19.1

curllibcurlMatch7.19.2

curllibcurlMatch7.19.3

curllibcurlMatch7.19.4

curllibcurlMatch7.19.5

libcurllibcurlMatch7.12

libcurllibcurlMatch7.12.1

libcurllibcurlMatch7.12.2

libcurllibcurlMatch7.12.3

libcurllibcurlMatch7.13

libcurllibcurlMatch7.13.1

libcurllibcurlMatch7.13.2

libcurllibcurlMatch7.14

libcurllibcurlMatch7.14.1

libcurllibcurlMatch7.15

libcurllibcurlMatch7.15.1

libcurllibcurlMatch7.15.2

libcurllibcurlMatch7.15.3

libcurllibcurlMatch7.16.3

References

curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch

curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch

curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch

curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch

curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch

curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch

curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch

curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch

curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch

curl.haxx.se/docs/adv_20090812.txt

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

secunia.com/advisories/36238

secunia.com/advisories/36475

secunia.com/advisories/37471

secunia.com/advisories/45047

shibboleth.internet2.edu/secadv/secadv_20090817.txt

support.apple.com/kb/HT4077

wiki.rpath.com/Advisories:rPSA-2009-0124

www.securityfocus.com/archive/1/506055/100/0/threaded

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/36032

www.ubuntu.com/usn/USN-1158-1

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/2263

www.vupen.com/english/advisories/2009/3316

exchange.xforce.ibmcloud.com/vulnerabilities/52405

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.4%

JSON

Related for NVD:CVE-2009-2417

securityvulns5 cve12 openvas62 debiancve7 prion10 nessus49 cvelist11 ubuntucve12 mozilla1 slackware1 debian2 gentoo1 centos1 ubuntu1 veracode2 altlinux2 oraclelinux1 redhat1 exploitdb1 threatpost1 nvd11 seebug3 talos1 f51