Lucene search
MitreCVE-2009-3455HistorySep 29, 2009 - 6:00 p.m.
CVE-2009-3455
2009-09-2918:00:00
CWE-310
mitre
web.nvd.nist.gov
42
apple safari
mac os x
ssl servers
x.509 certificate
man-in-the-middle
cve-2009-3455
cve-2009-2408
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
5.7
Confidence
High
EPSS
0.003
Percentile
65.3%
Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a ‘\0’ character in a domain name in the subject’s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Affected configurations
Node
applesafariRange≤4.0.2-mac
ORapplesafariMatch0.8-mac
ORapplesafariMatch0.9-mac
ORapplesafariMatch1.0-mac
ORapplesafariMatch1.0.0-mac
ORapplesafariMatch1.0b1-mac
ORapplesafariMatch1.1-mac
ORapplesafariMatch1.2-mac
ORapplesafariMatch1.2.0-mac
ORapplesafariMatch1.2.1-mac
ORapplesafariMatch1.2.2-mac
ORapplesafariMatch1.2.3-mac
ORapplesafariMatch1.2.4-mac
ORapplesafariMatch1.2.5-mac
ORapplesafariMatch1.3-mac
ORapplesafariMatch1.3.1-mac
ORapplesafariMatch1.3.2-mac
ORapplesafariMatch2.0-mac
ORapplesafariMatch2.0.0-mac
ORapplesafariMatch2.0.1-mac
ORapplesafariMatch2.0.2-mac
ORapplesafariMatch2.0.3-mac
ORapplesafariMatch2.0.4-mac
ORapplesafariMatch3.0mac
ORapplesafariMatch3.0-mac
ORapplesafariMatch3.0.0-mac
ORapplesafariMatch3.0.1-mac
ORapplesafariMatch3.0.3mac
ORapplesafariMatch3.0.3-mac
ORapplesafariMatch3.0.4mac
ORapplesafariMatch3.0.4-mac
ORapplesafariMatch3.1mac
ORapplesafariMatch3.1-mac
ORapplesafariMatch3.1.0-mac
ORapplesafariMatch3.1.1mac
ORapplesafariMatch3.1.1-mac
ORapplesafariMatch3.1.2mac
ORapplesafariMatch3.1.2-mac
ORapplesafariMatch3.2-mac
ORapplesafariMatch3.2.1mac
ORapplesafariMatch3.2.1-mac
ORapplesafariMatch3.2.3mac
ORapplesafariMatch3.2.3-mac
ORapplesafariMatch4.0-mac
ORapplesafariMatch4.0.0b-mac
ORapplesafariMatch4.0.1-mac
ORapplesafariMatch4.0.2mac
ORapplesafariMatch4.0_beta-mac
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apple | safari | * | cpe:2.3:a:apple:safari:*:-:mac:*:*:*:*:* |
| apple | safari | 0.8 | cpe:2.3:a:apple:safari:0.8:-:mac:*:*:*:*:* |
| apple | safari | 0.9 | cpe:2.3:a:apple:safari:0.9:-:mac:*:*:*:*:* |
| apple | safari | 1.0 | cpe:2.3:a:apple:safari:1.0:-:mac:*:*:*:*:* |
| apple | safari | 1.0.0 | cpe:2.3:a:apple:safari:1.0.0:-:mac:*:*:*:*:* |
| apple | safari | 1.0b1 | cpe:2.3:a:apple:safari:1.0b1:-:mac:*:*:*:*:* |
| apple | safari | 1.1 | cpe:2.3:a:apple:safari:1.1:-:mac:*:*:*:*:* |
| apple | safari | 1.2 | cpe:2.3:a:apple:safari:1.2:-:mac:*:*:*:*:* |
| apple | safari | 1.2.0 | cpe:2.3:a:apple:safari:1.2.0:-:mac:*:*:*:*:* |
| apple | safari | 1.2.1 | cpe:2.3:a:apple:safari:1.2.1:-:mac:*:*:*:*:* |
Related
nvd
nvd
cvelist
cvelist
prion
prion
Design/Logic Flaw
2009-09-29 18:00:00
Code injection
2009-07-30 19:30:00
Design/Logic Flaw
2009-09-08 18:30:00
openvas
openvas
SLES11: Security update for mutt
2009-10-11 00:00:00
Mandrake Security Advisory MDVSA-2009:288 (proftpd)
2009-10-27 00:00:00
SLES9: Security update for OpenLDAP2
2009-10-10 00:00:00
nessus
nessus
SuSE9 Security Update : OpenLDAP2 (YOU Patch Number 12506)
2009-09-24 00:00:00
SuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 6598)
2010-10-11 00:00:00
SuSE9 Security Update : mutt (YOU Patch Number 12505)
2009-09-24 00:00:00
threatpost
threatpost
Apple Safari
2009-12-29 21:50:26
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:33:40
seebug
seebug
Mozilla Firefox NULL字符CA SSL证书验证安全绕过漏洞
2009-07-31 00:00:00
Randombit Botan Library X509 Certificate Validation Bypass Vulnerability(CVE-2017-2801)
2017-09-19 00:00:00
mozilla-thunderbird多个安全漏洞
2009-10-10 00:00:00
mozilla
mozilla
Compromise of SSL-protected communication — Mozilla
2009-08-01 00:00:00
debiancve
debiancve
ubuntucve
ubuntucve
exploitdb
exploitdb
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-42
2009-08-07 00:00:00
fetchmail security announcement fetchmail-SA-2009-01 (CVE-2009-2666)
2009-08-08 00:00:00
cURL / libcurl SSL certificate spoofing
2009-08-17 00:00:00
cve
cve
f5
f5
SOL14909 - OpenSSL vulnerability CVE-2013-4248
2014-01-15 00:00:00
K15638 : Python vulnerability CVE-2013-4238
2014-10-17 00:00:00
K15683 : Ruby vulnerability CVE-2013-4073
2014-10-09 00:00:00
aix
aix
Vulnerability in Diffie-Hellman ciphers affects sendmail on VIOS
2010-03-29 15:54:57
debian
debian
[Backports-security-announce] Security Update for proftpd-dfsg
2010-01-26 21:06:44
[Backports-security-announce] Security Update for proftpd-dfsg
2010-01-26 21:30:08
rubygems
rubygems
CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client
2013-06-26 20:00:00
talos
talos
Randombit Botan Library X509 Certificate Validation Bypass Vulnerability
2017-04-28 00:00:00
amazon
amazon
Medium: python27
2013-09-04 13:31:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
5.7
Confidence
High
EPSS
0.003
Percentile
65.3%
Related for CVE-2009-3455