Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2009-2409
HistoryJul 30, 2009 - 12:00 a.m.

CVE-2009-2409

2009-07-3000:00:00
ubuntu.com
ubuntu.com
16

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.3%

JSON

The Network Security Services (NSS) library before 3.12.3, as used in
Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and
other products support MD2 with X.509 certificates, which might allow
remote attackers to spoof certificates by using MD2 design flaws to
generate a hash collision in less than brute-force time. NOTE: the scope of
this issue is currently limited because the amount of computation required
is still large.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchgnutls12< 1.2.9-2ubuntu1.5UNKNOWN
ubuntu8.04noarchgnutls13< 2.0.4-1ubuntu2.5UNKNOWN
ubuntu8.10noarchgnutls26< 2.4.1-1ubuntu0.3UNKNOWN
ubuntu9.04noarchgnutls26< 2.4.2-5UNKNOWN
ubuntu8.04noarchnss< 3.12.3.1-0ubuntu0.8.04.1UNKNOWN
ubuntu8.10noarchnss< 3.12.3.1-0ubuntu0.8.10.1UNKNOWN
ubuntu9.04noarchnss< 3.12.3.1-0ubuntu0.9.04.1UNKNOWN
ubuntu9.10noarchnss< 3.12.3.1-0ubuntu1UNKNOWN
ubuntu8.04noarchopenjdk-6< 6b18-1.8.2-4ubuntu1~8.04.1UNKNOWN
ubuntu8.10noarchopenjdk-6< 6b12-0ubuntu6.6UNKNOWN
Rows per page:
1-10 of 171

Related

openvas 85
f5 2
cvelist 2
nessus 56
veracode 1
cve 2
prion 2
nvd 2
debiancve 2
ubuntu 5
securityvulns 3
oraclelinux 6
centos 5
redhat 11
osv 2
debian 3
vmware 6
gentoo 1
fedora 3
openvas
openvas
Mandrake Security Advisory MDVSA-2009:258 (openssl)
2009-10-13 00:00:00
Ubuntu: Security Advisory (USN-830-1)
2009-09-15 00:00:00
OpenSSL/GnuTLS SSL Server Spoofing Vulnerability - Windows
2009-08-05 00:00:00
f5
f5
SOL15663 - MD2 Message-Digest Algorithm vulnerability CVE-2009-2409
2014-10-09 00:00:00
K15663 : MD2 Message-Digest Algorithm vulnerability CVE-2009-2409
2014-10-23 00:00:00
cvelist
cvelist
CVE-2009-2409
2009-07-30 19:00:00
CVE-2009-2973
2009-08-27 17:00:00
nessus
nessus
F5 Networks BIG-IP : MD2 Message-Digest Algorithm vulnerability (SOL15663)
2014-10-10 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : openssl vulnerability (USN-830-1)
2009-09-15 00:00:00
Mandriva Linux Security Advisory : openssl (MDVSA-2009:258)
2009-10-08 00:00:00
veracode
veracode
Spoofing Attack
2020-04-10 00:33:40
cve
cve
CVE-2009-2409
2009-07-30 19:30:00
CVE-2009-2973
2009-08-27 17:30:00
prion
prion
Code injection
2009-07-30 19:30:00
Design/Logic Flaw
2009-08-27 17:30:00
nvd
nvd
CVE-2009-2409
2009-07-30 19:30:00
CVE-2009-2973
2009-08-27 17:30:00
debiancve
debiancve
CVE-2009-2409
2009-07-30 19:30:00
CVE-2009-2973
2009-08-27 17:30:00
ubuntu
ubuntu
OpenSSL vulnerability
2009-09-14 00:00:00
NSS vulnerabilities
2009-08-04 00:00:00
NSPR update
2009-08-04 00:00:00
securityvulns
securityvulns
GnuTLS library certificate spoofing
2009-08-20 00:00:00
[USN-809-1] GnuTLS vulnerabilities
2009-08-20 00:00:00
Sun Java multiple security vulnerabilities
2009-11-05 00:00:00
oraclelinux
oraclelinux
gnutls security update
2010-03-25 00:00:00
openssl security update
2010-01-20 00:00:00
nspr and nss security, bug fix, and enhancement update
2009-07-21 00:00:00
centos
centos
gnutls security update
2010-03-26 21:48:08
openssl security update
2010-01-20 23:10:16
openssl security update
2010-03-25 22:38:39
redhat
redhat
(RHSA-2010:0166) Moderate: gnutls security update
2010-03-25 00:00:00
(RHSA-2010:0054) Moderate: openssl security update
2010-01-19 00:00:00
(RHSA-2010:0163) Moderate: openssl security update
2010-03-25 00:00:00
osv
osv
gnutls13 gnutls26 - SSL certificate
2009-11-17 00:00:00
nss - several vulnerabilities
2009-08-26 00:00:00
debian
debian
[SECURITY] [DSA 1935-1] New gnutls23/gnutls26 packages fix SSL certificate verification weakness
2009-11-17 13:46:36
[SECURITY] [DSA 1874-1] New nss packages fix several vulnerabilities
2009-08-26 19:01:32
[SECURITY] [DSA 1888-1] New openssl packages deprecate MD2 hash signatures
2009-09-15 21:37:22
vmware
vmware
VMware ESX third party updates for Service Console
2010-12-07 00:00:00
VMware ESX third party updates for Service Console
2010-12-07 00:00:00
VMware ESX third party updates for Service Console
2010-09-30 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2009-12-01 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-30.b16.fc11
2009-11-14 03:30:20
[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-33.b16.fc12
2009-11-14 03:32:17
[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-23.b16.fc10
2009-11-14 03:33:25

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.3%

JSON
Related for UB:CVE-2009-2409
openvas85f52cvelist2nessus56veracode1cve2prion2nvd2debiancve2ubuntu5securityvulns3oraclelinux6centos5redhat11osv2debian3vmware6gentoo1fedora3