6.8

CVE-2009-3490

GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuWget Version <= 1.11.4
GnuWget Version1.5.3
GnuWget Version1.6
GnuWget Version1.7
GnuWget Version1.7.1
GnuWget Version1.8
GnuWget Version1.8.1
GnuWget Version1.9
GnuWget Version1.9.1
GnuWget Version1.10
GnuWget Version1.10.1
GnuWget Version1.10.2
GnuWget Version1.11
GnuWget Version1.11.1
GnuWget Version1.11.2
GnuWget Version1.11.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.52% 0.877
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://marc.info/?l=oss-security&m=125198917018936&w=2
http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html
http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7
http://marc.info/?l=oss-security&m=125369675820512&w=2
http://permalink.gmane.org/gmane.comp.web.wget.general/8972
http://secunia.com/advisories/36540
Vendor Advisory
http://www.securityfocus.com/bid/36205
http://www.vupen.com/english/advisories/2009/2498
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=520454
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11099