6.8
CVE-2009-3477
- EPSS 0.62%
- Veröffentlicht 29.09.2009 23:30:00
- Zuletzt bearbeitet 16.06.2026 23:11:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.303, 4.6.1 before 4.6.1.309, 4.7.0 before 4.7.0.179, and 4.7.1 before 4.7.1.57 does not properly handle "hidden" characters including a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rim ≫ Blackberry Device Software Version4.5.0
Rim ≫ Blackberry Device Software Version4.6
Rim ≫ Blackberry Device Software Version4.6.1
Rim ≫ Blackberry Device Software Version4.7
Rim ≫ Blackberry Device Software Version4.7.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.62% | 0.451 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
http://secunia.com/advisories/36875
http://www.blackberry.com/btsc/viewContent.do?externalId=KB19552
http://www.securityfocus.com/bid/36528
http://www.securitytracker.com/id?1022951
https://exchange.xforce.ibmcloud.com/vulnerabilities/53490