CVE-2009-2700

2009-09-0200:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

54.5%

JSON

src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not
properly handle a ‘\0’ character in a domain name in the Subject
Alternative Name field of an X.509 certificate, which allows
man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority, a related issue
to CVE-2009-2408.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchqt4-x11< 4.3.4-0ubuntu3.1UNKNOWN
ubuntu8.10noarchqt4-x11< 4.4.3-0ubuntu1.3UNKNOWN
ubuntu9.04noarchqt4-x11< 4.5.0-0ubuntu4.2UNKNOWN
ubuntu9.10noarchqt4-x11< 4.5.2-0ubuntu5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	qt4-x11	< 4.3.4-0ubuntu3.1	UNKNOWN
ubuntu	8.10	noarch	qt4-x11	< 4.4.3-0ubuntu1.3	UNKNOWN
ubuntu	9.04	noarch	qt4-x11	< 4.5.0-0ubuntu4.2	UNKNOWN
ubuntu	9.10	noarch	qt4-x11	< 4.5.2-0ubuntu5	UNKNOWN