Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2009-2973
HistoryAug 27, 2009 - 5:30 p.m.

CVE-2009-2973

2009-08-2717:30:00
CWE-310
[email protected]
web.nvd.nist.gov
2

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

5.7 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.3%

JSON

Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409.

Affected configurations

NVD
Node
googlechromeRange2.0.172.37
OR
googlechromeMatch0.2.149.27
OR
googlechromeMatch0.2.149.29
OR
googlechromeMatch0.2.149.30
OR
googlechromeMatch0.2.152.1
OR
googlechromeMatch0.2.153.1
OR
googlechromeMatch0.3.154.0
OR
googlechromeMatch0.3.154.3
OR
googlechromeMatch0.4.154.18
OR
googlechromeMatch0.4.154.22
OR
googlechromeMatch0.4.154.31
OR
googlechromeMatch0.4.154.33
OR
googlechromeMatch1.0.154.36
OR
googlechromeMatch1.0.154.39
OR
googlechromeMatch1.0.154.42
OR
googlechromeMatch1.0.154.43
OR
googlechromeMatch1.0.154.46
OR
googlechromeMatch1.0.154.48
OR
googlechromeMatch1.0.154.52
OR
googlechromeMatch1.0.154.53
OR
googlechromeMatch1.0.154.59
OR
googlechromeMatch2.0.156.1
OR
googlechromeMatch2.0.157.0
OR
googlechromeMatch2.0.157.2
OR
googlechromeMatch2.0.158.0
OR
googlechromeMatch2.0.159.0
OR
googlechromeMatch2.0.172
OR
googlechromeMatch2.0.172.30
OR
googlechromeMatch2.0.172.31
OR
googlechromeMatch2.0.172.33

Related

cvelist 2
debiancve 2
cve 2
prion 2
openvas 87
ubuntucve 1
f5 2
nessus 54
veracode 1
nvd 1
ubuntu 5
securityvulns 3
oraclelinux 6
centos 5
redhat 11
osv 2
debian 3
vmware 6
gentoo 1
fedora 3
cvelist
cvelist
CVE-2009-2973
2009-08-27 17:00:00
CVE-2009-2409
2009-07-30 19:00:00
debiancve
debiancve
CVE-2009-2973
2009-08-27 17:30:00
CVE-2009-2409
2009-07-30 19:30:00
cve
cve
CVE-2009-2973
2009-08-27 17:30:00
CVE-2009-2409
2009-07-30 19:30:00
prion
prion
Design/Logic Flaw
2009-08-27 17:30:00
Code injection
2009-07-30 19:30:00
openvas
openvas
Mandrake Security Advisory MDVSA-2009:258 (openssl)
2009-10-13 00:00:00
Ubuntu: Security Advisory (USN-830-1)
2009-09-15 00:00:00
OpenSSL/GnuTLS SSL Server Spoofing Vulnerability - Windows
2009-08-05 00:00:00
ubuntucve
ubuntucve
CVE-2009-2409
2009-07-30 00:00:00
f5
f5
SOL15663 - MD2 Message-Digest Algorithm vulnerability CVE-2009-2409
2014-10-09 00:00:00
K15663 : MD2 Message-Digest Algorithm vulnerability CVE-2009-2409
2014-10-23 00:00:00
nessus
nessus
F5 Networks BIG-IP : MD2 Message-Digest Algorithm vulnerability (SOL15663)
2014-10-10 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : openssl vulnerability (USN-830-1)
2009-09-15 00:00:00
Mandriva Linux Security Advisory : openssl (MDVSA-2009:258)
2009-10-08 00:00:00
veracode
veracode
Spoofing Attack
2020-04-10 00:33:40
nvd
nvd
CVE-2009-2409
2009-07-30 19:30:00
ubuntu
ubuntu
OpenSSL vulnerability
2009-09-14 00:00:00
NSS vulnerabilities
2009-08-04 00:00:00
NSPR update
2009-08-04 00:00:00
securityvulns
securityvulns
GnuTLS library certificate spoofing
2009-08-20 00:00:00
[USN-809-1] GnuTLS vulnerabilities
2009-08-20 00:00:00
Sun Java multiple security vulnerabilities
2009-11-05 00:00:00
oraclelinux
oraclelinux
gnutls security update
2010-03-25 00:00:00
openssl security update
2010-01-20 00:00:00
nspr and nss security, bug fix, and enhancement update
2009-07-21 00:00:00
centos
centos
gnutls security update
2010-03-26 21:48:08
openssl security update
2010-01-20 23:10:16
openssl security update
2010-03-25 22:38:39
redhat
redhat
(RHSA-2010:0166) Moderate: gnutls security update
2010-03-25 00:00:00
(RHSA-2010:0054) Moderate: openssl security update
2010-01-19 00:00:00
(RHSA-2009:1186) Critical: nspr and nss security, bug fix, and enhancement update
2009-07-30 00:00:00
osv
osv
gnutls13 gnutls26 - SSL certificate
2009-11-17 00:00:00
nss - several vulnerabilities
2009-08-26 00:00:00
debian
debian
[SECURITY] [DSA 1935-1] New gnutls23/gnutls26 packages fix SSL certificate verification weakness
2009-11-17 13:46:36
[SECURITY] [DSA 1874-1] New nss packages fix several vulnerabilities
2009-08-26 19:01:32
[SECURITY] [DSA 1888-1] New openssl packages deprecate MD2 hash signatures
2009-09-15 21:37:22
vmware
vmware
VMware ESX third party updates for Service Console
2010-12-07 00:00:00
VMware ESX third party updates for Service Console
2010-12-07 00:00:00
VMware ESX third party updates for Service Console
2010-09-30 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2009-12-01 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-23.b16.fc10
2009-11-14 03:33:25
[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-30.b16.fc11
2009-11-14 03:30:20
[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-33.b16.fc12
2009-11-14 03:32:17

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

5.7 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.3%

JSON
Related for NVD:CVE-2009-2973
cvelist2debiancve2cve2prion2openvas87ubuntucve1f52nessus54veracode1nvd1ubuntu5securityvulns3oraclelinux6centos5redhat11osv2debian3vmware6gentoo1fedora3