QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2009-0089

Back to search

CVE-2009-0089

Published: Apr 15, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."

VendorProductVersions

n/a

n/a

affected
n/a

References

34437
vdb-entry
x_refsource_BID
oval:org.mitre.oval:def:6027
vdb-entry
signature
x_refsource_OVAL
34677
third-party-advisory
x_refsource_SECUNIA
TA09-104A
third-party-advisory
x_refsource_CERT
1022041
vdb-entry
x_refsource_SECTRACK
ADV-2009-1027
vdb-entry
x_refsource_VUPEN
MS09-013
vendor-advisory
x_refsource_MS

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now