CVE-2009-3490
Published Sep 30, 2009
Last updated 7 years ago
Overview
- Description
- GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-310
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD0AF9BA-677F-423E-A9B2-0BEBA4A2E86A",
"versionEndIncluding": "1.11.4"
},
{
"criteria": "cpe:2.3:a:gnu:wget:1.5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "50DD71F2-0B3C-4082-950A-CBFA5C601AEF"
},
{
"criteria": "cpe:2.3:a:gnu:wget:1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26B3B1B6-3985-4479-93B2-14E1AB52F768"
},
{
"criteria": "cpe:2.3:a:gnu:wget:1.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BC975AA-0F98-4A3A-B3B4-2152156327D9"
},
{
"criteria": "cpe:2.3:a:gnu:wget:1.7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7DEDFB88-C435-4FB9-838D-8199690A8F70"
},
{
"criteria": "cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5BF2616-A99A-4229-A8A6-655155ED5EB1"
},
{
"criteria": "cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A14454E-DDAE-4115-8323-8BB4E17DF208"
},
{
"criteria": "cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F88CD81A-7804-4316-8581-41689A318D56"
},
{
"criteria": "cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1BE0FCE2-ABB9-4943-96AE-C81277014396"
},
{
"criteria": "cpe:2.3:a:gnu:wget:1.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FDE8FE2E-40EF-4B86-A01E-7777FBDABB59"
},
{
"criteria": "cpe:2.3:a:gnu:wget:1.10.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5E097843-1854-4C5E-BB27-07280EB3EEB2"
},
{
"criteria": "cpe:2.3:a:gnu:wget:1.10.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1047974D-7A5D-4533-996B-2B09EC7E8789"
},
{
"criteria": "cpe:2.3:a:gnu:wget:1.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C40562DA-2B50-4B30-B0D8-B62913FCC680"
},
{
"criteria": "cpe:2.3:a:gnu:wget:1.11.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5B63798-366A-4778-987D-19307228E13B"
},
{
"criteria": "cpe:2.3:a:gnu:wget:1.11.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90DEBAA0-B537-4EEC-8EA2-E503F26A0496"
},
{
"criteria": "cpe:2.3:a:gnu:wget:1.11.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DEC161C5-5247-4A3C-AB56-6562B0A65D21"
}
],
"operator": "OR"
}
]
}
]