Back to search
CVE-2009-2474
Published: Aug 21, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[neon] 20090818 neon: release 0.28.6 (SECURITY)
mailing-list
x_refsource_MLIST
[neon] 20090818 CVE-2009-2474: fix handling of NUL in SSL cert subject names
mailing-list
x_refsource_MLIST
http://support.apple.com/kb/HT4435
x_refsource_CONFIRM
ADV-2009-2341
vdb-entry
x_refsource_VUPEN
oval:org.mitre.oval:def:11721
vdb-entry
signature
x_refsource_OVAL
MDVSA-2009:221
vendor-advisory
x_refsource_MANDRIVA
36079
vdb-entry
x_refsource_BID
APPLE-SA-2010-11-10-1
vendor-advisory
x_refsource_APPLE
36371
third-party-advisory
x_refsource_SECUNIA
USN-835-1
vendor-advisory
x_refsource_UBUNTU
FEDORA-2009-8815
vendor-advisory
x_refsource_FEDORA
FEDORA-2009-8794
vendor-advisory
x_refsource_FEDORA
36799
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now