Lucene search

[email protected]CVE-2009-2700

HistorySep 02, 2009 - 5:30 p.m.

CVE-2009-2700

2009-09-0217:30:00

CWE-20

[email protected]

web.nvd.nist.gov

nokia

trolltech

qt 4.x

ssl

vulnerability

cve-2009-2700

nvd

x.509 certificate

man-in-the-middle

spoofing

ssl servers

certification authority

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.4%

JSON

src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a ‘\0’ character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Affected configurations

NVD

Node

qtqtMatch4.0.0

qtqtMatch4.0.1

qtqtMatch4.1.0

qtqtMatch4.1.1

qtqtMatch4.1.2

qtqtMatch4.1.3

qtqtMatch4.1.4

qtqtMatch4.1.5

qtqtMatch4.2.0

qtqtMatch4.2.1

qtqtMatch4.2.3

qtqtMatch4.3.0

qtqtMatch4.3.1

qtqtMatch4.3.2

qtqtMatch4.3.3

qtqtMatch4.3.4

qtqtMatch4.3.5

qtqtMatch4.4.0

qtqtMatch4.4.1

qtqtMatch4.4.2

qtqtMatch4.4.3

qtqtMatch4.5.0

qtqtMatch4.5.1

qtqtMatch4.5.2

qtqtMatch4.5.3

qtqtMatch4.6.0

qtqtMatch4.6.0rc1

qtqtMatch4.6.1

qtqtMatch4.6.2

qtqtMatch4.6.3

qtqtMatch4.6.4

qtqtMatch4.7.0

qtqtMatch4.7.1

qtqtMatch4.7.2

qtqtMatch4.7.3

qtqtMatch4.7.4

qtqtMatch4.7.5

qtqtMatch4.8.0

qtqtMatch4.8.1

qtqtMatch4.8.2

qtqtMatch4.8.3

qtqtMatch4.8.4

CPENameOperatorVersion
qt:qtqteq4.0.0
qt:qtqteq4.0.1
qt:qtqteq4.1.0
qt:qtqteq4.1.1
qt:qtqteq4.1.2
qt:qtqteq4.1.3
qt:qtqteq4.1.4
qt:qtqteq4.1.5
qt:qtqteq4.2.0
qt:qtqteq4.2.1