CVE-2009-2700

2009-09-0200:00:00

ubuntu.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.003

Percentile

65.2%

JSON

src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not
properly handle a ‘\0’ character in a domain name in the Subject
Alternative Name field of an X.509 certificate, which allows
man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority, a related issue
to CVE-2009-2408.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchqt4-x11< 4.3.4-0ubuntu3.1UNKNOWN
ubuntu8.10noarchqt4-x11< 4.4.3-0ubuntu1.3UNKNOWN
ubuntu9.04noarchqt4-x11< 4.5.0-0ubuntu4.2UNKNOWN
ubuntu9.10noarchqt4-x11< 4.5.2-0ubuntu5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	qt4-x11	< 4.3.4-0ubuntu3.1	UNKNOWN
ubuntu	8.10	noarch	qt4-x11	< 4.4.3-0ubuntu1.3	UNKNOWN
ubuntu	9.04	noarch	qt4-x11	< 4.5.0-0ubuntu4.2	UNKNOWN
ubuntu	9.10	noarch	qt4-x11	< 4.5.2-0ubuntu5	UNKNOWN