QwikSec

Security Database

CVE

CWE

Training

CVE-2009-2700

Published: Sep 2, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6

x_refsource_CONFIRM

vendor-advisory

x_refsource_MANDRIVA

vendor-advisory

x_refsource_UBUNTU

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.