Lucene search

K
nvd[email protected]NVD:CVE-2009-2730
HistoryAug 12, 2009 - 10:30 a.m.

CVE-2009-2730

2009-08-1210:30:01
CWE-310
web.nvd.nist.gov
1

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

53.9%

libgnutls in GnuTLS before 2.8.2 does not properly handle a ‘\0’ character in a domain name in the subject’s (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Affected configurations

NVD
Node
gnugnutlsRange≤2.8.1
OR
gnugnutlsMatch1.0.16
OR
gnugnutlsMatch1.0.17
OR
gnugnutlsMatch1.0.18
OR
gnugnutlsMatch1.0.19
OR
gnugnutlsMatch1.0.20
OR
gnugnutlsMatch1.0.21
OR
gnugnutlsMatch1.0.22
OR
gnugnutlsMatch1.0.23
OR
gnugnutlsMatch1.0.24
OR
gnugnutlsMatch1.0.25
OR
gnugnutlsMatch1.1.13
OR
gnugnutlsMatch1.1.14
OR
gnugnutlsMatch1.1.15
OR
gnugnutlsMatch1.1.16
OR
gnugnutlsMatch1.1.17
OR
gnugnutlsMatch1.1.18
OR
gnugnutlsMatch1.1.19
OR
gnugnutlsMatch1.1.20
OR
gnugnutlsMatch1.1.21
OR
gnugnutlsMatch1.1.22
OR
gnugnutlsMatch1.1.23
OR
gnugnutlsMatch1.2.0
OR
gnugnutlsMatch1.2.1
OR
gnugnutlsMatch1.2.2
OR
gnugnutlsMatch1.2.3
OR
gnugnutlsMatch1.2.4
OR
gnugnutlsMatch1.2.5
OR
gnugnutlsMatch1.2.6
OR
gnugnutlsMatch1.2.7
OR
gnugnutlsMatch1.2.8
OR
gnugnutlsMatch1.2.8.1a1
OR
gnugnutlsMatch1.2.9
OR
gnugnutlsMatch1.2.10
OR
gnugnutlsMatch1.2.11
OR
gnugnutlsMatch1.3.0
OR
gnugnutlsMatch1.3.1
OR
gnugnutlsMatch1.3.2
OR
gnugnutlsMatch1.3.3
OR
gnugnutlsMatch1.3.4
OR
gnugnutlsMatch1.3.5
OR
gnugnutlsMatch1.4.0
OR
gnugnutlsMatch1.4.1
OR
gnugnutlsMatch1.4.2
OR
gnugnutlsMatch1.4.3
OR
gnugnutlsMatch1.4.4
OR
gnugnutlsMatch1.4.5
OR
gnugnutlsMatch1.5.0
OR
gnugnutlsMatch1.5.1
OR
gnugnutlsMatch1.5.2
OR
gnugnutlsMatch1.5.3
OR
gnugnutlsMatch1.5.4
OR
gnugnutlsMatch1.5.5
OR
gnugnutlsMatch1.6.0
OR
gnugnutlsMatch1.6.1
OR
gnugnutlsMatch1.6.2
OR
gnugnutlsMatch1.6.3
OR
gnugnutlsMatch1.7.0
OR
gnugnutlsMatch1.7.1
OR
gnugnutlsMatch1.7.2
OR
gnugnutlsMatch1.7.3
OR
gnugnutlsMatch1.7.4
OR
gnugnutlsMatch1.7.5
OR
gnugnutlsMatch1.7.6
OR
gnugnutlsMatch1.7.7
OR
gnugnutlsMatch1.7.8
OR
gnugnutlsMatch1.7.9
OR
gnugnutlsMatch1.7.10
OR
gnugnutlsMatch1.7.11
OR
gnugnutlsMatch1.7.12
OR
gnugnutlsMatch1.7.13
OR
gnugnutlsMatch1.7.14
OR
gnugnutlsMatch1.7.15
OR
gnugnutlsMatch1.7.16
OR
gnugnutlsMatch1.7.17
OR
gnugnutlsMatch1.7.18
OR
gnugnutlsMatch1.7.19
OR
gnugnutlsMatch2.0.0
OR
gnugnutlsMatch2.0.1
OR
gnugnutlsMatch2.0.2
OR
gnugnutlsMatch2.0.3
OR
gnugnutlsMatch2.0.4
OR
gnugnutlsMatch2.1.0
OR
gnugnutlsMatch2.1.1
OR
gnugnutlsMatch2.1.2
OR
gnugnutlsMatch2.1.3
OR
gnugnutlsMatch2.1.4
OR
gnugnutlsMatch2.1.5
OR
gnugnutlsMatch2.1.6
OR
gnugnutlsMatch2.1.7
OR
gnugnutlsMatch2.1.8
OR
gnugnutlsMatch2.2.0
OR
gnugnutlsMatch2.2.1
OR
gnugnutlsMatch2.2.2
OR
gnugnutlsMatch2.2.3
OR
gnugnutlsMatch2.2.4
OR
gnugnutlsMatch2.2.5
OR
gnugnutlsMatch2.3.0
OR
gnugnutlsMatch2.3.1
OR
gnugnutlsMatch2.3.2
OR
gnugnutlsMatch2.3.3
OR
gnugnutlsMatch2.3.4
OR
gnugnutlsMatch2.3.5
OR
gnugnutlsMatch2.3.6
OR
gnugnutlsMatch2.3.7
OR
gnugnutlsMatch2.3.8
OR
gnugnutlsMatch2.3.9
OR
gnugnutlsMatch2.3.10
OR
gnugnutlsMatch2.3.11
OR
gnugnutlsMatch2.4.0
OR
gnugnutlsMatch2.4.1
OR
gnugnutlsMatch2.4.2
OR
gnugnutlsMatch2.5.0
OR
gnugnutlsMatch2.6.0
OR
gnugnutlsMatch2.6.1
OR
gnugnutlsMatch2.6.2
OR
gnugnutlsMatch2.6.3
OR
gnugnutlsMatch2.6.4
OR
gnugnutlsMatch2.6.5
OR
gnugnutlsMatch2.6.6
OR
gnugnutlsMatch2.8.0

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

53.9%