CVE-2009-3477
Published Sep 29, 2009
Last updated 7 years ago
Overview
- Description
- The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.303, 4.6.1 before 4.6.1.309, 4.7.0 before 4.7.0.179, and 4.7.1 before 4.7.1.57 does not properly handle "hidden" characters including a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-310
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rim:blackberry_device_software:4.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA413B7D-D802-4E3C-A7B6-336A18725F22"
},
{
"criteria": "cpe:2.3:a:rim:blackberry_device_software:4.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9AA30719-43F4-4E82-BAAE-3BE053AB500A"
},
{
"criteria": "cpe:2.3:a:rim:blackberry_device_software:4.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "01B0686F-CEE0-49DB-8393-C1100E13AD75"
},
{
"criteria": "cpe:2.3:a:rim:blackberry_device_software:4.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E36C6DD2-3695-4D65-B4F5-ADA6C3E69AA2"
},
{
"criteria": "cpe:2.3:a:rim:blackberry_device_software:4.7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "59C49F10-787E-4AFB-8830-E6C3645BD2E7"
}
],
"operator": "OR"
}
]
}
]