CVE-2009-2474

2009-08-2100:00:00

ubuntu.com

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

70.2%

JSON

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly
handle a ‘\0’ character in a domain name in the subject’s Common Name (CN)
field of an X.509 certificate, which allows man-in-the-middle attackers to
spoof arbitrary SSL servers via a crafted certificate issued by a
legitimate Certification Authority, a related issue to CVE-2009-2408.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchneon< 0.25.5.dfsg-5ubuntu0.1UNKNOWN
ubuntu8.04noarchneon27< 0.27.2-1ubuntu0.1UNKNOWN
ubuntu8.10noarchneon27< 0.28.2-2ubuntu0.1UNKNOWN
ubuntu9.04noarchneon27< 0.28.2-6.1ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	neon	< 0.25.5.dfsg-5ubuntu0.1	UNKNOWN
ubuntu	8.04	noarch	neon27	< 0.27.2-1ubuntu0.1	UNKNOWN
ubuntu	8.10	noarch	neon27	< 0.28.2-2ubuntu0.1	UNKNOWN
ubuntu	9.04	noarch	neon27	< 0.28.2-6.1ubuntu0.1	UNKNOWN