CVE-2009-3941
Published Nov 16, 2009
Last updated 15 years ago
Overview
- Description
- Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-310
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A334487-BFC7-4BD3-A41C-B4A7A03FD688",
"versionEndIncluding": "1.0.18"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F3D33CFC-B3AD-447D-9ED7-B9EB56F37963"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C1101564-6C93-4116-8286-423ECF1CE1F9"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52F89E31-4C4F-4596-8BDB-DD6AA202A66B"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "13B423FE-A656-4E05-8E56-ADA3BB25055C"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4533F4B-B737-4AE8-8BE4-52F18AC81CF3"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73161FA8-6BDB-480A-959A-FE75A0A094A9"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D831D74-1D1A-43BF-989C-CA2541B34F2B"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA886F91-162A-4272-A854-E4C2ABA1880F"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C73DAC9F-AF34-412B-8483-BD642E9AD7CB"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E5F1142-E4BC-4AC4-AB85-33A5AC35D7A9"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03C05F7D-BA83-44D4-8E47-45CF339EFB63"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A312B4E-F43D-4649-A8F8-811657D5D6EA"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8E9BD996-6003-4ACA-A661-810018EF750D"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15117F01-79FF-47A7-8D1E-BA1F8E96A1ED"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB4C433A-9796-4C11-8B3F-DD93191B200F"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.6.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C63DB55C-3454-4E28-9BE3-6E2AF7F0C2C4"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.6.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DBAF238F-6E35-4C79-BA57-9DFBCE1F32DF"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "09FB5DCD-94E2-469E-83E8-E7489DFECF28"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "813E3390-A91A-440E-947F-98777CF0C008"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83BAB091-5DF5-48D1-B12F-FAA7AE304BAE"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.8.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "832106E3-7743-412D-B92E-CF8F4AFD630E"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.8.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29EA91C5-EAD8-476C-A198-3BB9D11DF47F"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.8.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00E17910-D6CC-4AE3-B119-90798F441338"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:0.8.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7DE2045F-C0EB-433F-8D44-7B257AF1A976"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD03AAD4-18CE-4109-B63E-F0447AD5D57E"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F60C96B3-834A-467E-B823-56F95AC53394"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2BC5660E-D2FB-4D73-8D45-BC92388CFA6B"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF5CED20-DF1C-4172-ABC4-BB8C88A59D71"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B75E57F-D5A5-4925-95A1-7680D9A186C8"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E71A841C-1ED3-4634-8BA4-5F0A50CB6636"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE437EFD-6F1F-4946-91A7-E198DDC70693"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94F9FEC8-15D0-4327-975F-359A595A10B7"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6AD2F2D6-BD1A-4413-9499-B45352AE5D2F"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2011EBF2-DAF7-4F9A-861E-8C7CB01E9620"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "894E6D56-3A5F-49DC-B99D-2148B548335B"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6DF077CF-E698-4506-8AD8-B339166298BA"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D879455-E7E1-448C-A425-E9C576540E73"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68D38E74-A95C-4009-AEBD-3575A98824AE"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B8B0B5D-9932-4924-B0C9-C10B8EA46F56"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0432B82-D516-4771-9D2E-684CA81A5680"
},
{
"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6A767CC-D28E-497E-9CB5-DE930304C7C7"
}
],
"operator": "OR"
}
]
}
]