Vulnerability-Lookup

CVE-2009-2417 (GCVE-0-2009-2417)

Vulnerability from cvelistv5 – Published: 2009-08-14 15:00 – Updated: 2024-08-07 05:52

Summary

lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE…	x_refsource_CONFIRM
	http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE…	x_refsource_CONFIRM
	http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE…	x_refsource_CONFIRM
	http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE…	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/506055/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/37471	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/2263	vdb-entryx_refsource_VUPEN
	http://www.ubuntu.com/usn/USN-1158-1	vendor-advisoryx_refsource_UBUNTU
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://secunia.com/advisories/36238	third-party-advisoryx_refsource_SECUNIA
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE…	x_refsource_CONFIRM
	http://wiki.rpath.com/Advisories:rPSA-2009-0124	x_refsource_CONFIRM
	http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE…	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE…	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/507985/100…	mailing-listx_refsource_BUGTRAQ
	http://support.apple.com/kb/HT4077	x_refsource_CONFIRM
	http://shibboleth.internet2.edu/secadv/secadv_200…	x_refsource_CONFIRM
	http://secunia.com/advisories/36475	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://curl.haxx.se/docs/adv_20090812.txt	x_refsource_CONFIRM
	http://secunia.com/advisories/45047	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/36032	vdb-entryx_refsource_BID
	http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/3316	vdb-entryx_refsource_VUPEN
	http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch"
          },
          {
            "name": "20090824 rPSA-2009-0124-1 curl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/506055/100/0/threaded"
          },
          {
            "name": "37471",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37471"
          },
          {
            "name": "ADV-2009-2263",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2263"
          },
          {
            "name": "USN-1158-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1158-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "36238",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36238"
          },
          {
            "name": "APPLE-SA-2010-03-29-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
          },
          {
            "name": "curl-certificate-security-bypass(52405)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52405"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0124"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch"
          },
          {
            "name": "oval:org.mitre.oval:def:8542",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4077"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
          },
          {
            "name": "36475",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36475"
          },
          {
            "name": "oval:org.mitre.oval:def:10114",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/docs/adv_20090812.txt"
          },
          {
            "name": "45047",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45047"
          },
          {
            "name": "36032",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36032"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch"
          },
          {
            "name": "ADV-2009-3316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch"
        },
        {
          "name": "20090824 rPSA-2009-0124-1 curl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/506055/100/0/threaded"
        },
        {
          "name": "37471",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37471"
        },
        {
          "name": "ADV-2009-2263",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2263"
        },
        {
          "name": "USN-1158-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1158-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
        },
        {
          "name": "36238",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36238"
        },
        {
          "name": "APPLE-SA-2010-03-29-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
        },
        {
          "name": "curl-certificate-security-bypass(52405)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52405"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0124"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch"
        },
        {
          "name": "oval:org.mitre.oval:def:8542",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch"
        },
        {
          "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4077"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
        },
        {
          "name": "36475",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36475"
        },
        {
          "name": "oval:org.mitre.oval:def:10114",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/docs/adv_20090812.txt"
        },
        {
          "name": "45047",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45047"
        },
        {
          "name": "36032",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36032"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch"
        },
        {
          "name": "ADV-2009-3316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3316"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-2417",
    "datePublished": "2009-08-14T15:00:00.000Z",
    "dateReserved": "2009-07-09T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:52:14.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-AVI-338

Vulnerability from certfr_avis - Published: 2009-08-17 - Updated: 2009-08-21

Une vulnérabilité dans cURL et libcurl permet à un utilisateur malveillant de contourner la politique de sécurité.

Description

Une vulnérabilité est présente dans cURL et libcurl qui, quand OpenSSL est utilisé, permet à un utilisateur malveillant de tromper l'utilisateur sur l'identité du serveur auquel il est connecté.

Solution

La version 7.19.6 remédie à cette vulnérabilité. Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

cURL et libcurl, jusqu'à la version 7.19.5.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité du projet cURL du 12 août 2009	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2009:1209-1 du 13 août 2009 :	-	other
Bulletin de sécurité Ubuntu USN-818-1 du 17 août 2009 :	-	other
Bulletin de sécurité Mandriva MDVSA-2009:203 du 15 août 2009 :	-	other
Bulletin de sécurité Debian DSA-1869-1 du 19 août 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003ecURL et libcurl, jusqu\u0027\u00e0 la version  7.19.5.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans cURL et libcurl qui, quand OpenSSL\nest utilis\u00e9, permet \u00e0 un utilisateur malveillant de tromper\nl\u0027utilisateur sur l\u0027identit\u00e9 du serveur auquel il est connect\u00e9.\n\n## Solution\n\nLa version 7.19.6 rem\u00e9die \u00e0 cette vuln\u00e9rabilit\u00e9. Se r\u00e9f\u00e9rer au bulletin\nde s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section\nDocumentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2408"
    },
    {
      "name": "CVE-2009-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2417"
    }
  ],
  "initial_release_date": "2009-08-17T00:00:00",
  "last_revision_date": "2009-08-21T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2009:1209-1 du 13 ao\u00fbt    2009 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1209-1.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-818-1 du 17 ao\u00fbt 2009 :",
      "url": "http://www.ubuntu.com/usn/usn-818-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2009:203 du 15 ao\u00fbt    2009 :",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2009:203"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1869-1 du 19 ao\u00fbt 2009 :",
      "url": "http://www.debian.org/security/2009/dsa-1869"
    }
  ],
  "reference": "CERTA-2009-AVI-338",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-08-17T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins RedHat et Ubuntu.",
      "revision_date": "2009-08-19T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins Mandriva et Debian.",
      "revision_date": "2009-08-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans cURL et libcurl permet \u00e0 un utilisateur\nmalveillant de contourner la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de cURL et libcurl",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 du projet cURL du 12 ao\u00fbt 2009",
      "url": "http://curl.haxx.se/docs/adv_20090812.txt"
    }
  ]
}

CERTA-2010-AVI-143

Vulnerability from certfr_avis - Published: 2010-03-30 - Updated: 2010-03-30

De multiples vulnérabilités ont été corrigées dans Mac OS X.

Description

Plusieurs vulnérabilités ont été corrigées dans Mac OS X. Elles permettent entre autres l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	Mac OS X 10.5 ;
Apple	macOS	Mac OS X 10.6 ;
Apple	macOS	Mac OS X Server 10.5 ;
Apple	macOS	Mac OS X Server 10.6.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4077 du 29 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Elles\npermettent entre autres l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0511"
    },
    {
      "name": "CVE-2010-0509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0509"
    },
    {
      "name": "CVE-2010-0501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0501"
    },
    {
      "name": "CVE-2010-0065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0065"
    },
    {
      "name": "CVE-2010-0498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0498"
    },
    {
      "name": "CVE-2010-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0060"
    },
    {
      "name": "CVE-2008-7247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-7247"
    },
    {
      "name": "CVE-2003-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0063"
    },
    {
      "name": "CVE-2010-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0043"
    },
    {
      "name": "CVE-2010-0522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0522"
    },
    {
      "name": "CVE-2010-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0063"
    },
    {
      "name": "CVE-2009-3559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3559"
    },
    {
      "name": "CVE-2009-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
    },
    {
      "name": "CVE-2009-4142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4142"
    },
    {
      "name": "CVE-2009-3009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3009"
    },
    {
      "name": "CVE-2010-0059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0059"
    },
    {
      "name": "CVE-2010-0524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0524"
    },
    {
      "name": "CVE-2010-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0057"
    },
    {
      "name": "CVE-2009-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
    },
    {
      "name": "CVE-2010-0521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0521"
    },
    {
      "name": "CVE-2008-0564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0564"
    },
    {
      "name": "CVE-2010-0518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0518"
    },
    {
      "name": "CVE-2010-0513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0513"
    },
    {
      "name": "CVE-2009-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2417"
    },
    {
      "name": "CVE-2008-0888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0888"
    },
    {
      "name": "CVE-2009-3558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3558"
    },
    {
      "name": "CVE-2009-3095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
    },
    {
      "name": "CVE-2009-2902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
    },
    {
      "name": "CVE-2010-0517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0517"
    },
    {
      "name": "CVE-2010-0535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0535"
    },
    {
      "name": "CVE-2010-0393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0393"
    },
    {
      "name": "CVE-2009-3557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3557"
    },
    {
      "name": "CVE-2009-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0534"
    },
    {
      "name": "CVE-2010-0497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0497"
    },
    {
      "name": "CVE-2008-4456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4456"
    },
    {
      "name": "CVE-2009-4143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4143"
    },
    {
      "name": "CVE-2010-0058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0058"
    },
    {
      "name": "CVE-2010-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0041"
    },
    {
      "name": "CVE-2010-0508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0508"
    },
    {
      "name": "CVE-2010-0506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0506"
    },
    {
      "name": "CVE-2010-0533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0533"
    },
    {
      "name": "CVE-2010-0507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0507"
    },
    {
      "name": "CVE-2010-0504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0504"
    },
    {
      "name": "CVE-2009-0316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0316"
    },
    {
      "name": "CVE-2010-0526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0526"
    },
    {
      "name": "CVE-2010-0510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0510"
    },
    {
      "name": "CVE-2009-1904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1904"
    },
    {
      "name": "CVE-2010-0500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0500"
    },
    {
      "name": "CVE-2008-5302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5302"
    },
    {
      "name": "CVE-2009-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2042"
    },
    {
      "name": "CVE-2010-0064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0064"
    },
    {
      "name": "CVE-2009-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
    },
    {
      "name": "CVE-2009-2446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2446"
    },
    {
      "name": "CVE-2009-2801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2801"
    },
    {
      "name": "CVE-2010-0525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0525"
    },
    {
      "name": "CVE-2010-0516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0516"
    },
    {
      "name": "CVE-2010-0502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0502"
    },
    {
      "name": "CVE-2010-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0062"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2009-2906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2906"
    },
    {
      "name": "CVE-2010-0505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0505"
    },
    {
      "name": "CVE-2008-5303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5303"
    },
    {
      "name": "CVE-2009-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
    },
    {
      "name": "CVE-2009-4214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4214"
    },
    {
      "name": "CVE-2009-0783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
    },
    {
      "name": "CVE-2009-0689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0689"
    },
    {
      "name": "CVE-2008-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
    },
    {
      "name": "CVE-2006-1329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1329"
    },
    {
      "name": "CVE-2010-0514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0514"
    },
    {
      "name": "CVE-2009-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0037"
    },
    {
      "name": "CVE-2010-0515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0515"
    },
    {
      "name": "CVE-2009-2422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2422"
    },
    {
      "name": "CVE-2010-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0056"
    },
    {
      "name": "CVE-2010-0512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0512"
    },
    {
      "name": "CVE-2009-2632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2632"
    },
    {
      "name": "CVE-2009-0688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0688"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2010-0537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0537"
    },
    {
      "name": "CVE-2010-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0519"
    },
    {
      "name": "CVE-2010-0523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0523"
    },
    {
      "name": "CVE-2010-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0520"
    },
    {
      "name": "CVE-2010-0503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0503"
    },
    {
      "name": "CVE-2010-0055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0055"
    }
  ],
  "initial_release_date": "2010-03-30T00:00:00",
  "last_revision_date": "2010-03-30T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-143",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4077 du 29 mars 2010",
      "url": "http://support.apple.com/kb/HT4077"
    }
  ]
}

CERTA-2009-AVI-513

Vulnerability from certfr_avis - Published: 2009-11-24 - Updated: 2009-11-24

Plusieurs vulnérabilités découvertes dans les produits VMware peuvent être exploitées à distance par un utilisateur malintentionné afin de compromettre le système vulnérable ou encore d'entraver son bon fonctionnement.

Description

Les vulnérabilités présentes dans les produits VMware peuvent être exploitées afin de porter atteinte à l'intégrité et à la confidentialité des données, de réaliser un déni de service, d'injecter et d'exécuter indirectement du code arbitraire, d'élever ses privilèges ou d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Server 2.x ;
VMware	ESXi	VMware ESXi 3.x ;
VMware	N/A	VMware vMA 4.x.
VMware	N/A	VMware ESX Server 4.x ;
VMware	N/A	VMware ESX Server 2.x ;
VMware	N/A	VMware ESX Server 3.x ;
VMware	ESXi	VMware ESXi 4.x ;
VMware	vCenter Server	VMware vCenter Server 4.x ;
VMware	N/A	VMware VirtualCenter 2.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware du 20 novembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 3.x ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vMA 4.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 4.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 4.x ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server 4.x ;",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VirtualCenter 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLes vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits VMware peuvent \u00eatre\nexploit\u00e9es afin de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, de r\u00e9aliser un d\u00e9ni de service, d\u0027injecter et d\u0027ex\u00e9cuter\nindirectement du code arbitraire, d\u0027\u00e9lever ses privil\u00e8ges ou d\u0027ex\u00e9cuter\ndu code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2724"
    },
    {
      "name": "CVE-2009-0676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0676"
    },
    {
      "name": "CVE-2009-2721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2721"
    },
    {
      "name": "CVE-2008-3143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3143"
    },
    {
      "name": "CVE-2009-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2692"
    },
    {
      "name": "CVE-2009-2406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2406"
    },
    {
      "name": "CVE-2009-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1389"
    },
    {
      "name": "CVE-2008-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0002"
    },
    {
      "name": "CVE-2009-1106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1106"
    },
    {
      "name": "CVE-2009-1072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1072"
    },
    {
      "name": "CVE-2008-4307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4307"
    },
    {
      "name": "CVE-2009-1104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1104"
    },
    {
      "name": "CVE-2009-2407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2407"
    },
    {
      "name": "CVE-2008-3142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3142"
    },
    {
      "name": "CVE-2009-1101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1101"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2009-1385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1385"
    },
    {
      "name": "CVE-2009-0746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0746"
    },
    {
      "name": "CVE-2009-2673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2673"
    },
    {
      "name": "CVE-2007-5966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5966"
    },
    {
      "name": "CVE-2009-2719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2719"
    },
    {
      "name": "CVE-2008-4864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4864"
    },
    {
      "name": "CVE-2009-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2417"
    },
    {
      "name": "CVE-2009-1439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1439"
    },
    {
      "name": "CVE-2009-0322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0322"
    },
    {
      "name": "CVE-2009-1895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1895"
    },
    {
      "name": "CVE-2009-1094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1094"
    },
    {
      "name": "CVE-2009-0748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0748"
    },
    {
      "name": "CVE-2008-3144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3144"
    },
    {
      "name": "CVE-2009-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0747"
    },
    {
      "name": "CVE-2009-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
    },
    {
      "name": "CVE-2009-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1095"
    },
    {
      "name": "CVE-2009-2672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2672"
    },
    {
      "name": "CVE-2009-0675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0675"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2009-2670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2670"
    },
    {
      "name": "CVE-2009-1102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1102"
    },
    {
      "name": "CVE-2009-1630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1630"
    },
    {
      "name": "CVE-2009-0269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0269"
    },
    {
      "name": "CVE-2008-3528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3528"
    },
    {
      "name": "CVE-2008-5031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5031"
    },
    {
      "name": "CVE-2008-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1721"
    },
    {
      "name": "CVE-2009-1388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1388"
    },
    {
      "name": "CVE-2009-1192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1192"
    },
    {
      "name": "CVE-2009-2720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2720"
    },
    {
      "name": "CVE-2009-0834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0834"
    },
    {
      "name": "CVE-2009-2671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2671"
    },
    {
      "name": "CVE-2009-2848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2848"
    },
    {
      "name": "CVE-2009-2675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2675"
    },
    {
      "name": "CVE-2008-1232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2009-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0778"
    },
    {
      "name": "CVE-2009-2625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2625"
    },
    {
      "name": "CVE-2009-1099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1099"
    },
    {
      "name": "CVE-2009-1252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1252"
    },
    {
      "name": "CVE-2009-2698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2698"
    },
    {
      "name": "CVE-2008-2370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
    },
    {
      "name": "CVE-2009-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
    },
    {
      "name": "CVE-2009-2723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2723"
    },
    {
      "name": "CVE-2009-1107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1107"
    },
    {
      "name": "CVE-2009-2716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2716"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2008-1947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
    },
    {
      "name": "CVE-2009-1105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1105"
    },
    {
      "name": "CVE-2007-6286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6286"
    },
    {
      "name": "CVE-2009-0028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0028"
    },
    {
      "name": "CVE-2009-1337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1337"
    },
    {
      "name": "CVE-2009-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2007-2052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2052"
    },
    {
      "name": "CVE-2009-1336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1336"
    },
    {
      "name": "CVE-2009-0783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
    },
    {
      "name": "CVE-2008-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
    },
    {
      "name": "CVE-2007-4965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4965"
    },
    {
      "name": "CVE-2009-1633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1633"
    },
    {
      "name": "CVE-2009-2722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2722"
    },
    {
      "name": "CVE-2008-5700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5700"
    },
    {
      "name": "CVE-2009-1103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1103"
    },
    {
      "name": "CVE-2009-1100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1100"
    },
    {
      "name": "CVE-2009-2676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2676"
    },
    {
      "name": "CVE-2007-5342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
    },
    {
      "name": "CVE-2009-1096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1096"
    },
    {
      "name": "CVE-2009-1098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1098"
    },
    {
      "name": "CVE-2009-0787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0787"
    },
    {
      "name": "CVE-2008-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1887"
    },
    {
      "name": "CVE-2009-1097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1097"
    },
    {
      "name": "CVE-2009-2847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2847"
    },
    {
      "name": "CVE-2008-2315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2315"
    },
    {
      "name": "CVE-2009-0696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0696"
    },
    {
      "name": "CVE-2009-2718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2718"
    },
    {
      "name": "CVE-2009-0745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0745"
    },
    {
      "name": "CVE-2009-1093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1093"
    }
  ],
  "initial_release_date": "2009-11-24T00:00:00",
  "last_revision_date": "2009-11-24T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-513",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les produits VMware peuvent\n\u00eatre exploit\u00e9es \u00e0 distance par un utilisateur malintentionn\u00e9 afin de\ncompromettre le syst\u00e8me vuln\u00e9rable ou encore d\u0027entraver son bon\nfonctionnement.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware du 20 novembre 2009",
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000070.html"
    }
  ]
}

FKIE_CVE-2009-2417

Vulnerability from fkie_nvd - Published: 2009-08-14 15:16 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch	Patch
secalert@redhat.com	http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch	Patch
secalert@redhat.com	http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch	Patch
secalert@redhat.com	http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch	Patch
secalert@redhat.com	http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch	Patch
secalert@redhat.com	http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch	Patch, Vendor Advisory
secalert@redhat.com	http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch	Patch
secalert@redhat.com	http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch	Patch
secalert@redhat.com	http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch	Patch
secalert@redhat.com	http://curl.haxx.se/docs/adv_20090812.txt	Vendor Advisory
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
secalert@redhat.com	http://secunia.com/advisories/36238	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/36475
secalert@redhat.com	http://secunia.com/advisories/37471
secalert@redhat.com	http://secunia.com/advisories/45047
secalert@redhat.com	http://shibboleth.internet2.edu/secadv/secadv_20090817.txt
secalert@redhat.com	http://support.apple.com/kb/HT4077
secalert@redhat.com	http://wiki.rpath.com/Advisories:rPSA-2009-0124
secalert@redhat.com	http://www.securityfocus.com/archive/1/506055/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/archive/1/507985/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/36032
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1158-1
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/2263	Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/3316
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/52405
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch	Patch
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch	Patch
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch	Patch
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch	Patch
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch	Patch
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch	Patch
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch	Patch
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch	Patch
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/docs/adv_20090812.txt	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36238	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36475
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37471
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45047
af854a3a-2127-422b-91ae-364da2661108	http://shibboleth.internet2.edu/secadv/secadv_20090817.txt
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4077
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/Advisories:rPSA-2009-0124
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/506055/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/507985/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36032
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1158-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2263	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3316
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/52405
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542

Impacted products

Vendor	Product	Version
curl	libcurl	7.4
curl	libcurl	7.4.1
curl	libcurl	7.4.2
curl	libcurl	7.5
curl	libcurl	7.5.1
curl	libcurl	7.5.2
curl	libcurl	7.6
curl	libcurl	7.6.1
curl	libcurl	7.7
curl	libcurl	7.7.1
curl	libcurl	7.7.2
curl	libcurl	7.7.3
curl	libcurl	7.8
curl	libcurl	7.8.1
curl	libcurl	7.9
curl	libcurl	7.9.1
curl	libcurl	7.9.2
curl	libcurl	7.9.3
curl	libcurl	7.9.5
curl	libcurl	7.9.6
curl	libcurl	7.9.7
curl	libcurl	7.9.8
curl	libcurl	7.10
curl	libcurl	7.10.1
curl	libcurl	7.10.2
curl	libcurl	7.10.3
curl	libcurl	7.10.4
curl	libcurl	7.10.5
curl	libcurl	7.10.6
curl	libcurl	7.10.7
curl	libcurl	7.10.8
curl	libcurl	7.11.0
curl	libcurl	7.11.1
curl	libcurl	7.11.2
curl	libcurl	7.12
curl	libcurl	7.12.0
curl	libcurl	7.12.1
curl	libcurl	7.12.2
curl	libcurl	7.12.3
curl	libcurl	7.13
curl	libcurl	7.13.1
curl	libcurl	7.13.2
curl	libcurl	7.14
curl	libcurl	7.14.1
curl	libcurl	7.15
curl	libcurl	7.15.1
curl	libcurl	7.15.2
curl	libcurl	7.15.3
curl	libcurl	7.16.3
curl	libcurl	7.17.0
curl	libcurl	7.17.1
curl	libcurl	7.18.0
curl	libcurl	7.18.1
curl	libcurl	7.18.2
curl	libcurl	7.19.0
curl	libcurl	7.19.1
curl	libcurl	7.19.2
curl	libcurl	7.19.3
curl	libcurl	7.19.4
curl	libcurl	7.19.5
libcurl	libcurl	7.12
libcurl	libcurl	7.12.1
libcurl	libcurl	7.12.2
libcurl	libcurl	7.12.3
libcurl	libcurl	7.13
libcurl	libcurl	7.13.1
libcurl	libcurl	7.13.2
libcurl	libcurl	7.14
libcurl	libcurl	7.14.1
libcurl	libcurl	7.15
libcurl	libcurl	7.15.1
libcurl	libcurl	7.15.2
libcurl	libcurl	7.15.3
libcurl	libcurl	7.16.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A4F46D5-85E5-4483-AD3D-207E9121FE3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C3A6114-AA64-45E0-99D7-FAB060B8657B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCCF67A1-874A-41A3-85C9-2BDCD193CE22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4321D25E-27DE-4649-A9B7-C6295F05ABB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25774954-E239-4337-9931-D4F6A69B42F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A000CAB-5986-4568-96C2-B7E213C77E1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C5745B-2FFF-4DF8-883B-417015BDDF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A50325-2247-46EF-A991-70378C4D008F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58D1562-5A17-4124-8010-6098A204C898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C461E700-752D-4A31-A3A4-2B758CE07704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD8B6BE8-BC9A-443D-B6C8-4B5FF2390306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83681317-F32A-4C73-915A-D431E8DF944C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D9C492-5F87-4149-ACAE-948DBE35E40D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "70655CE0-63F0-402C-B335-FCFA494335C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F6A6A05-E568-46F2-B2F5-73300E4EA5BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F102275D-8116-4F65-8910-478CB8DAAE76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68C14C1-AFDF-4DE7-BD06-2A7FE079656D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BD860AC-DE24-4CD5-B2C9-C77BD95AAFD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "403DDE56-5FA7-4920-A905-30349E61361B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F001A45E-CFD8-4B41-9281-F01A284ECD58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "580BAB7A-3BE0-4FA1-9CAF-124F16882518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "21AE58E9-F201-41AA-A1DC-9EB09E50459A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C901C070-728C-41CD-8E4F-ECCB779906C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A1D7EA-6567-4A48-A431-EA28508D62C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6D8F50B-495E-48B3-BF9F-8E4ACA556B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00F4FFF6-6AB4-4857-BDFA-12801C972708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9987313-0256-4837-B347-6ABEF18DFCBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D703855E-6610-445D-B498-61CE1C763A9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA7B64A2-6779-4A01-9864-902E2C04B08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A07B1635-6F28-4ED4-A2AC-CD7E9549C920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFA4392F-2582-4EFE-9450-3F12588BE981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "53E91EAD-3813-498B-9B5C-05F1DCF75D3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDDBC13-1646-490B-B778-DBD3BB3208C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B87F05D-C077-4929-8BBA-A7287A816470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DEC85E8-5555-46A9-9A95-30E1497AFA09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CA22553-089B-44D2-B545-82F7AED74E25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03060364-7DCD-4111-BF7A-BEF6AFCB3134",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "319DADFB-081B-46AA-9F7D-DD4D1C5BE26D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9C6906-5FBD-4736-87B6-720E288E394A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4931FF86-51B6-470A-A2E0-A1B0942D1CF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9DA33F-A33E-483E-AE4D-4422D62C02E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5028DB2-87D5-4AD8-87D4-325C519D6CD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E992CDB0-A787-4F7E-AC55-13FE7C68A1D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "808143C5-108B-45BE-B626-A44F9F956018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBBB3F1-98BD-40D1-B09F-1924D567625A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88D5DAE5-ABEA-4FF1-836C-BA4741F13323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E15191F-D4E6-425C-81BE-2CD55A815B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0407CCC0-ACAA-4B2A-99A5-DA57791057B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "248D86F7-A8E5-448D-A55A-C05278BB9822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "295EE8FF-18BD-4F67-9045-83A5693AB783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "249C50ED-B681-4DFB-83CD-625D703CD95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3F060A3-FC8E-45CD-85AB-247D13A2896C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14BB81D-841D-456C-9CAE-CC679FFAB5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBA081D-AB88-4895-8495-6B51EB6B5325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8F6B4C1-B88F-4675-BAB7-66A4DFAC17AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A44CE5AD-27B6-45EB-A0B8-CF9BDB31F0E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63984E6B-54EF-4DD6-8A5B-DD16A9A6A4B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBACF741-C988-4800-A9FF-E4836A1EE4E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "95C5A868-2EC9-4FC6-A074-E587A203A350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:curl:libcurl:7.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "54613E59-4583-405C-9BA3-609D47B9FFEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F7DE39A-325D-42F5-B4ED-C971725232DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DEC10D0-622A-4037-9D4A-69814226CC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9D0343C-175D-44BA-BCCF-5F204C749EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "69D4C0FC-6848-4D18-98E8-4A2F4D7BECC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E66EA58-F408-4D8B-9614-67B936B0F1FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75BED785-BD7D-4A09-9B50-77548E64916D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0A61633-B9B8-44B5-B352-29F4BFBD2BD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACF6D258-2A8C-40C3-9171-4C4A5B22B30C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DB80911-5BD5-401D-8C0A-8229A71D0804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE508863-DB77-41D3-A438-3F26C34703E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B79E431-AD91-4269-B427-DD1169D12659",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "479069C9-D3E5-4909-8368-0B0F4704810B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DADB9299-3EFA-45E6-95BD-7FE2E1B1D565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libcurl:libcurl:7.16.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F93365-54FD-45D4-B878-13A53A6806A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
    },
    {
      "lang": "es",
      "value": "lib/ssluse.c en cURL y libcurl v7.4 hasta v7.19.5, cuando se usa OpenSSL, no maneja de forma aecuada el caracter \u0027\\0\u0027 en un nombre de dominio en el campo sujeto del Common Name (CN) de un certificado X.509, lo que permite a atacantes de hombre en el medio hacer un spoofing de servidores SSL a trav\u00e9s de la un certificado de una autoridad de Certificaci\u00f3n leg\u00edtima, manipulado, relativo a CVE_2009-2408."
    }
  ],
  "id": "CVE-2009-2417",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-08-14T15:16:27.390",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20090812.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36238"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/36475"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/45047"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0124"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/506055/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/36032"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1158-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2263"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52405"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20090812.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/506055/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1158-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-C74Q-XG62-9CWM

Vulnerability from github – Published: 2022-05-02 03:35 – Updated: 2022-05-02 03:35

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-2417"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-08-14T15:16:00Z",
    "severity": "HIGH"
  },
  "details": "lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
  "id": "GHSA-c74q-xg62-9cwm",
  "modified": "2022-05-02T03:35:01Z",
  "published": "2022-05-02T03:35:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2417"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52405"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/docs/adv_20090812.txt"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36238"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36475"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/45047"
    },
    {
      "type": "WEB",
      "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0124"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/506055/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36032"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1158-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2263"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2009-2417

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-2417

Aliases

CVE-2009-2417

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-2417",
    "description": "lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
    "id": "GSD-2009-2417",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-2417.html",
      "https://www.debian.org/security/2009/dsa-1869",
      "https://access.redhat.com/errata/RHSA-2009:1209",
      "https://linux.oracle.com/cve/CVE-2009-2417.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-2417"
      ],
      "details": "lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
      "id": "GSD-2009-2417",
      "modified": "2023-12-13T01:19:46.023508Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2009-2417",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html",
            "refsource": "MISC",
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
          },
          {
            "name": "http://support.apple.com/kb/HT4077",
            "refsource": "MISC",
            "url": "http://support.apple.com/kb/HT4077"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/507985/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
            "refsource": "MISC",
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/3316",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "name": "http://secunia.com/advisories/37471",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/37471"
          },
          {
            "name": "http://secunia.com/advisories/45047",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/45047"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-1158-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-1158-1"
          },
          {
            "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch",
            "refsource": "MISC",
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch"
          },
          {
            "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch",
            "refsource": "MISC",
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch"
          },
          {
            "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch",
            "refsource": "MISC",
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch"
          },
          {
            "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch",
            "refsource": "MISC",
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch"
          },
          {
            "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch",
            "refsource": "MISC",
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch"
          },
          {
            "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch",
            "refsource": "MISC",
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch"
          },
          {
            "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch",
            "refsource": "MISC",
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch"
          },
          {
            "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch",
            "refsource": "MISC",
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch"
          },
          {
            "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch",
            "refsource": "MISC",
            "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch"
          },
          {
            "name": "http://curl.haxx.se/docs/adv_20090812.txt",
            "refsource": "MISC",
            "url": "http://curl.haxx.se/docs/adv_20090812.txt"
          },
          {
            "name": "http://secunia.com/advisories/36238",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/36238"
          },
          {
            "name": "http://secunia.com/advisories/36475",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/36475"
          },
          {
            "name": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt",
            "refsource": "MISC",
            "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
          },
          {
            "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0124",
            "refsource": "MISC",
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0124"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/506055/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/506055/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/36032",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/36032"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/2263",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/2263"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52405",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52405"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.10.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.17.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.19.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.19.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.12.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libcurl:libcurl:7.15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libcurl:libcurl:7.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.15.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libcurl:libcurl:7.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.10.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.10.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.17.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.18.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.19.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.19.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libcurl:libcurl:7.14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.16.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libcurl:libcurl:7.12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.19.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.19.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libcurl:libcurl:7.15.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libcurl:libcurl:7.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libcurl:libcurl:7.13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libcurl:libcurl:7.12.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.10.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.10.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.18.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.18.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libcurl:libcurl:7.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libcurl:libcurl:7.16.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libcurl:libcurl:7.15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libcurl:libcurl:7.13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:curl:libcurl:7.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libcurl:libcurl:7.12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2009-2417"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.18.1-CVE-2009-2417.patch"
            },
            {
              "name": "ADV-2009-2263",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2263"
            },
            {
              "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch"
            },
            {
              "name": "http://curl.haxx.se/docs/adv_20090812.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://curl.haxx.se/docs/adv_20090812.txt"
            },
            {
              "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch"
            },
            {
              "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch"
            },
            {
              "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch"
            },
            {
              "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.0-CVE-2009-2417.patch"
            },
            {
              "name": "36032",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/36032"
            },
            {
              "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.19.5-CVE-2009-2417.patch"
            },
            {
              "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch"
            },
            {
              "name": "36238",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/36238"
            },
            {
              "name": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch"
            },
            {
              "name": "36475",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36475"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0124",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0124"
            },
            {
              "name": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://shibboleth.internet2.edu/secadv/secadv_20090817.txt"
            },
            {
              "name": "ADV-2009-3316",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "37471",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37471"
            },
            {
              "name": "http://support.apple.com/kb/HT4077",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4077"
            },
            {
              "name": "APPLE-SA-2010-03-29-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
            },
            {
              "name": "USN-1158-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1158-1"
            },
            {
              "name": "45047",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/45047"
            },
            {
              "name": "curl-certificate-security-bypass(52405)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52405"
            },
            {
              "name": "oval:org.mitre.oval:def:8542",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8542"
            },
            {
              "name": "oval:org.mitre.oval:def:10114",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10114"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "20090824 rPSA-2009-0124-1 curl",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/506055/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T19:40Z",
      "publishedDate": "2009-08-14T15:16Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-2417 (GCVE-0-2009-2417)

CERTA-2009-AVI-338

Description

Solution

CERTA-2010-AVI-143

Description

Solution

CERTA-2009-AVI-513

Description

Solution

FKIE_CVE-2009-2417

GHSA-C74Q-XG62-9CWM

GSD-2009-2417

Tags

Sightings

Nomenclature