Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:12579
HistoryNov 05, 2009 - 12:00 a.m.

Wget CA SSL畸形证书验证漏洞

2009-11-0500:00:00
Root
www.seebug.org
16

0.004 Low

EPSS

Percentile

71.2%

JSON

BUGTRAQ ID: 36205
CVE(CAN) ID: CVE-2009-3490

Wget是可使用HTTP、HTTPS和FTP协议的文件检索工具。

Wget没有正确地处理X.509证书主题通用名称(CN)字段域名中的空字符(\0),在处理包含有空字符的证书字段时错误地将空字符处理为截止字符,因此只会验证空字符前的部分。例如,对于类似于以下的名称:

example.com\0.haxx.se

证书是发布给haxx.se的,但Wget错误的验证给example.com,这有助于攻击者通过中间人攻击执行网络钓鱼等欺骗。

Micah Cowan Wget < 1.12
厂商补丁:

RedHat

RedHat已经为此发布了一个安全公告(RHSA-2009:1549-01)以及相应补丁:
RHSA-2009:1549-01:Moderate: wget security update
链接:https://www.redhat.com/support/errata/RHSA-2009-1549.html

Micah Cowan

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7

Related

fedora 3
openvas 25
nessus 21
securityvulns 2
centos 1
oraclelinux 1
gentoo 1
veracode 1
ubuntu 1
redhat 2
debian 1
cve 1
prion 1
debiancve 1
ubuntucve 1
fedora
fedora
[SECURITY] Fedora 10 Update: wget-1.12-2.fc10
2009-12-03 05:12:11
[SECURITY] Fedora 11 Update: wget-1.12-2.fc11
2009-12-03 04:56:35
[SECURITY] Fedora 12 Update: wget-1.12-2.fc12
2009-12-03 04:56:18
openvas
openvas
Fedora Core 10 FEDORA-2009-11739 (wget)
2009-12-10 00:00:00
CentOS Update for wget CESA-2009:1549 centos3 i386
2011-08-09 00:00:00
CentOS Update for wget CESA-2009:1549 centos4 i386
2011-08-09 00:00:00
nessus
nessus
Solaris 10 (x86) : 125216-07 (deprecated)
2009-12-02 00:00:00
Solaris 10 (sparc) : 125215-07 (deprecated)
2009-12-02 00:00:00
Solaris 10 (sparc) : 125215-07
2018-03-12 00:00:00
securityvulns
securityvulns
wget certificate spoofing
2009-10-07 00:00:00
[USN-842-1] Wget vulnerability
2009-10-07 00:00:00
centos
centos
wget security update
2009-11-03 21:48:02
oraclelinux
oraclelinux
wget security update
2009-11-03 00:00:00
gentoo
gentoo
Wget: Certificate validation error
2009-10-20 00:00:00
veracode
veracode
Spoofing Attack
2020-04-10 00:42:35
ubuntu
ubuntu
Wget vulnerability
2009-10-06 00:00:00
redhat
redhat
(RHSA-2009:1549) Moderate: wget security update
2009-11-03 00:00:00
(RHSA-2009:1692) Important: rhev-hypervisor security and bug fix update
2009-12-23 00:00:00
debian
debian
[SECURITY] [DSA 1904-1] New wget packages fix SSL certificate verification weakness
2009-10-09 11:31:45
cve
cve
CVE-2009-3490
2009-09-30 15:30:00
prion
prion
Design/Logic Flaw
2009-09-30 15:30:00
debiancve
debiancve
CVE-2009-3490
2009-09-30 15:30:00
ubuntucve
ubuntucve
CVE-2009-3490
2009-09-30 00:00:00

0.004 Low

EPSS

Percentile

71.2%

JSON
Related for SSV:12579
fedora3openvas25nessus21securityvulns2centos1oraclelinux1gentoo1veracode1ubuntu1redhat2debian1cve1prion1debiancve1ubuntucve1