Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:24028
HistoryApr 10, 2020 - 12:44 a.m.

Authorization Bypass

2020-04-1000:44:20
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

sendmail is vulnerable to authorization bypass. The vulnerability exists as a flaw was found in the way sendmail handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick sendmail into accepting it by mistake, allowing the attacker to perform a man-in-the-middle attack or bypass intended client certificate authentication.

References

Related

fedora 2
nessus 27
openvas 18
seebug 1
securityvulns 2
redhat 2
debian 2
gentoo 1
debiancve 1
cve 1
oraclelinux 2
prion 1
ubuntucve 1
aix 1
checkpoint_advisories 1
fedora
fedora
[SECURITY] Fedora 12 Update: sendmail-8.14.4-3.fc12
2010-06-21 12:53:35
[SECURITY] Fedora 11 Update: sendmail-8.14.4-3.fc11
2010-06-14 17:26:40
nessus
nessus
openSUSE Security Update : rmail (rmail-2012)
2010-03-01 00:00:00
Sendmail < 8.14.4 SSL Certificate NULL Character Spoofing
2010-01-05 00:00:00
Scientific Linux Security Update : sendmail on SL4.x i386/x86_64
2012-08-01 00:00:00
openvas
openvas
HP-UX Update for sendmail with STARTTLS Enabled HPSBUX02508
2010-03-31 00:00:00
HP-UX Update for sendmail with STARTTLS Enabled HPSBUX02508
2010-03-31 00:00:00
Gentoo Security Advisory GLSA 201206-30 (sendmail)
2012-08-10 00:00:00
seebug
seebug
Sendmail CA SSL证书ιͺŒθ―ζΌζ΄ž
2010-01-08 00:00:00
securityvulns
securityvulns
Sendmail SSL certificate spoofing
2010-01-17 00:00:00
[ MDVSA-2010:003 ] sendmail
2010-01-17 00:00:00
redhat
redhat
(RHSA-2011:0262) Low: sendmail security and bug fix update
2011-02-16 00:00:00
(RHSA-2010:0237) Low: sendmail security and bug fix update
2010-03-30 00:00:00
debian
debian
[SECURITY] [DSA 1985-1] New sendmail packages fix SSL certificate verification weakness
2010-01-31 14:32:06
[SECURITY] [DSA 1985-1] New sendmail packages fix SSL certificate verification weakness
2010-01-31 14:32:06
gentoo
gentoo
sendmail: X.509 NULL spoofing vulnerability
2012-06-25 00:00:00
debiancve
debiancve
CVE-2009-4565
2010-01-04 21:30:00
cve
cve
CVE-2009-4565
2010-01-04 21:30:00
oraclelinux
oraclelinux
sendmail security and bug fix update
2010-04-05 00:00:00
sendmail security and bug fix update
2011-02-23 00:00:00
prion
prion
Design/Logic Flaw
2010-01-04 21:30:00
ubuntucve
ubuntucve
CVE-2009-4565
2010-01-04 00:00:00
aix
aix
Vulnerability in Diffie-Hellman ciphers affects sendmail on VIOS
2010-03-29 15:54:57
checkpoint_advisories
checkpoint_advisories
SSL NULL Termination Certificate Validation Security Bypass (CVE-2009-2408; CVE-2009-2510; CVE-2009-4565)
2009-08-12 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for VERACODE:24028
fedora2nessus27openvas18seebug1securityvulns2redhat2debian2gentoo1debiancve1cve1oraclelinux2prion1ubuntucve1aix1checkpoint_advisories1