Vulnerability-Lookup

CVE-2009-3490 (GCVE-0-2009-3490)

Vulnerability from cvelistv5 – Published: 2009-09-30 15:00 – Updated: 2024-08-07 06:31

Summary

GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://permalink.gmane.org/gmane.comp.web.wget.ge…	mailing-listx_refsource_MLIST
	http://marc.info/?l=oss-security&m=125369675820512&w=2	mailing-listx_refsource_MLIST
	http://www.vupen.com/english/advisories/2009/2498	vdb-entryx_refsource_VUPEN
	https://bugzilla.redhat.com/show_bug.cgi?id=520454	x_refsource_CONFIRM
	http://addictivecode.org/pipermail/wget-notify/20…	mailing-listx_refsource_MLIST
	http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
	http://secunia.com/advisories/36540	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/36205	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://hg.addictivecode.org/wget/mainline/rev/1ea…	x_refsource_CONFIRM
	http://marc.info/?l=oss-security&m=125198917018936&w=2	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:31:09.607Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[bug-wget] 20090922 Release: GNU Wget 1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://permalink.gmane.org/gmane.comp.web.wget.general/8972"
          },
          {
            "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
          },
          {
            "name": "ADV-2009-2498",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2498"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520454"
          },
          {
            "name": "[wget-notify] 20090805 [bug #27183] Wget likely suffers from the \\0 SSL cert vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "name": "36540",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36540"
          },
          {
            "name": "36205",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36205"
          },
          {
            "name": "oval:org.mitre.oval:def:11099",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11099"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7"
          },
          {
            "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "GNU Wget before 1.12 does not properly handle a \u0027\\0\u0027 character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[bug-wget] 20090922 Release: GNU Wget 1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://permalink.gmane.org/gmane.comp.web.wget.general/8972"
        },
        {
          "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
        },
        {
          "name": "ADV-2009-2498",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2498"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520454"
        },
        {
          "name": "[wget-notify] 20090805 [bug #27183] Wget likely suffers from the \\0 SSL cert vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
        },
        {
          "name": "36540",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36540"
        },
        {
          "name": "36205",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36205"
        },
        {
          "name": "oval:org.mitre.oval:def:11099",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11099"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7"
        },
        {
          "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3490",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GNU Wget before 1.12 does not properly handle a \u0027\\0\u0027 character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[bug-wget] 20090922 Release: GNU Wget 1.12",
              "refsource": "MLIST",
              "url": "http://permalink.gmane.org/gmane.comp.web.wget.general/8972"
            },
            {
              "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
            },
            {
              "name": "ADV-2009-2498",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2498"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=520454",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520454"
            },
            {
              "name": "[wget-notify] 20090805 [bug #27183] Wget likely suffers from the \\0 SSL cert vulnerability",
              "refsource": "MLIST",
              "url": "http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
            },
            {
              "name": "36540",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36540"
            },
            {
              "name": "36205",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36205"
            },
            {
              "name": "oval:org.mitre.oval:def:11099",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11099"
            },
            {
              "name": "http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7",
              "refsource": "CONFIRM",
              "url": "http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7"
            },
            {
              "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3490",
    "datePublished": "2009-09-30T15:00:00.000Z",
    "dateReserved": "2009-09-30T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:31:09.607Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-AVI-363

Vulnerability from certfr_avis - Published: 2009-09-02 - Updated: 2009-12-04

Une vulnérabilité permettant de contourner la politique de sécurité a été découverte dans wget.

Description

Une vulnérabilité a été découverte dans wget. Cette vulnérabilité est due à une mauvaise interprétation de certains caractères dans un certificat SSL. L'exploitation de cette vulnérabilité permet à un utilisateur malintentionné de contournée la politique de confidentialité induite par l'utilisation de SSL.

Note : certains logiciels, en particulier certains gestionnaires de téléchargement, peuvent se servir d'une version non corrigée de wget.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Solaris 10 sur SPARC sans le patch 125215-03 ;
N/A	N/A	OpenSolaris sur SPARC de svn_01 à svn _125 ;
N/A	N/A	Solaris 9 sur SPARC avec le patch 125326-01 ;
N/A	N/A	wget versions antérieures à la version 1.12 ;
N/A	N/A	Solaris 10 sur x86 sans le patch 125216-03 ;
N/A	N/A	Solaris 9 sur x86 avec le patch 125327-01 ;
N/A	N/A	OpenSolaris sur x86 de svn_01 à svn_125.

References

Title

Publication Time

Tags

Notes de changements de wget du 27 août 2009	None	vendor-advisory
notes de changements de wget du 27 août 2009 :	-	other
Bulletin de sécurité Debian DSA-1904 du 09 octobre 2009 :	-	other
Bulletin de sécurité Sun 1-66-273590-1 du 2 décembre 2009 :	-	other
Bulletin de sécurité Ubuntu USN-842 du 06 octobre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Solaris 10 sur SPARC sans le patch 125215-03 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSolaris sur SPARC de svn_01 \u00e0 svn _125 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Solaris 9 sur SPARC avec le patch 125326-01 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "wget versions ant\u00e9rieures \u00e0 la version 1.12 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Solaris 10 sur x86 sans le patch 125216-03 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Solaris 9 sur x86 avec le patch 125327-01 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSolaris sur x86 de svn_01 \u00e0 svn_125.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans wget. Cette vuln\u00e9rabilit\u00e9 est\ndue \u00e0 une mauvaise interpr\u00e9tation de certains caract\u00e8res dans un\ncertificat SSL. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet \u00e0 un\nutilisateur malintentionn\u00e9 de contourn\u00e9e la politique de confidentialit\u00e9\ninduite par l\u0027utilisation de SSL.\n\nNote : certains logiciels, en particulier certains gestionnaires de\nt\u00e9l\u00e9chargement, peuvent se servir d\u0027une version non corrig\u00e9e de wget.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3490"
    }
  ],
  "initial_release_date": "2009-09-02T00:00:00",
  "last_revision_date": "2009-12-04T00:00:00",
  "links": [
    {
      "title": "notes de changements de wget du 27 ao\u00fbt 2009 :",
      "url": "http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1904 du 09 octobre 2009 :",
      "url": "http://www.debian.org/security/2009/dsa-1904"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun 1-66-273590-1 du 2 d\u00e9cembre 2009 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273590-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-842 du 06 octobre 2009 :",
      "url": "http://www.ubuntu.com/usn/USN-842-1"
    }
  ],
  "reference": "CERTA-2009-AVI-363",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-09-02T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Debian et Ubuntu, et de la r\u00e9f\u00e9rence CVE.",
      "revision_date": "2009-10-12T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Sun et des syst\u00e8mes affect\u00e9s correspondants.",
      "revision_date": "2009-12-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permettant de contourner la politique de s\u00e9curit\u00e9 a\n\u00e9t\u00e9 d\u00e9couverte dans wget.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de wget",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Notes de changements de wget du 27 ao\u00fbt 2009",
      "url": null
    }
  ]
}

CERTFR-2015-AVI-431

Vulnerability from certfr_avis - Published: 2015-10-15 - Updated: 2015-10-15

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	QFabric 3100 Director versions 12.x
N/A	N/A	ScreenOS
N/A	N/A	CTPView 7.0R3
Juniper Networks	Junos OS	Juniper Junos OS

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10694 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10700 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10703 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10708 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10705 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10706 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10695 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10699 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10697 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10707 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10702 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10704 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10696 du 14 octobre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10701 du 14 octobre 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QFabric 3100 Director versions 12.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ScreenOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView 7.0R3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2905"
    },
    {
      "name": "CVE-2011-2483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2483"
    },
    {
      "name": "CVE-2013-1667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1667"
    },
    {
      "name": "CVE-2012-3417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3417"
    },
    {
      "name": "CVE-2014-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0063"
    },
    {
      "name": "CVE-2015-5600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
    },
    {
      "name": "CVE-2014-3566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
    },
    {
      "name": "CVE-2014-8867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8867"
    },
    {
      "name": "CVE-2015-1793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1793"
    },
    {
      "name": "CVE-2015-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
    },
    {
      "name": "CVE-2009-3490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3490"
    },
    {
      "name": "CVE-2012-0866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0866"
    },
    {
      "name": "CVE-2010-3433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3433"
    },
    {
      "name": "CVE-2012-5526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5526"
    },
    {
      "name": "CVE-2010-1447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1447"
    },
    {
      "name": "CVE-2014-0061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0061"
    },
    {
      "name": "CVE-2009-0115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0115"
    },
    {
      "name": "CVE-2007-6067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6067"
    },
    {
      "name": "CVE-2010-0826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0826"
    },
    {
      "name": "CVE-2014-8159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8159"
    },
    {
      "name": "CVE-2010-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0211"
    },
    {
      "name": "CVE-2013-4242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4242"
    },
    {
      "name": "CVE-2015-1158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1158"
    },
    {
      "name": "CVE-2015-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
    },
    {
      "name": "CVE-2010-4352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4352"
    },
    {
      "name": "CVE-2015-7749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7749"
    },
    {
      "name": "CVE-2011-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
    },
    {
      "name": "CVE-2010-1168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1168"
    },
    {
      "name": "CVE-2009-1189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1189"
    },
    {
      "name": "CVE-2014-6450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6450"
    },
    {
      "name": "CVE-2015-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
    },
    {
      "name": "CVE-2008-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2937"
    },
    {
      "name": "CVE-2012-2697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2697"
    },
    {
      "name": "CVE-2013-2566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
    },
    {
      "name": "CVE-2011-1081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1081"
    },
    {
      "name": "CVE-2009-1632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1632"
    },
    {
      "name": "CVE-2012-3488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3488"
    },
    {
      "name": "CVE-2015-5361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5361"
    },
    {
      "name": "CVE-2013-6435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6435"
    },
    {
      "name": "CVE-2010-2761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2761"
    },
    {
      "name": "CVE-2012-5195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5195"
    },
    {
      "name": "CVE-2015-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
    },
    {
      "name": "CVE-2014-6449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6449"
    },
    {
      "name": "CVE-2015-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
    },
    {
      "name": "CVE-2014-6451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6451"
    },
    {
      "name": "CVE-2012-6329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6329"
    },
    {
      "name": "CVE-2014-4345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4345"
    },
    {
      "name": "CVE-2008-5302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5302"
    },
    {
      "name": "CVE-2013-6629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6629"
    },
    {
      "name": "CVE-2014-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2285"
    },
    {
      "name": "CVE-2013-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4449"
    },
    {
      "name": "CVE-2012-0868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0868"
    },
    {
      "name": "CVE-2007-4476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4476"
    },
    {
      "name": "CVE-2010-4410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4410"
    },
    {
      "name": "CVE-2008-5161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
    },
    {
      "name": "CVE-2015-7752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7752"
    },
    {
      "name": "CVE-2010-0407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0407"
    },
    {
      "name": "CVE-2014-0064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0064"
    },
    {
      "name": "CVE-2014-0065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0065"
    },
    {
      "name": "CVE-2007-4772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4772"
    },
    {
      "name": "CVE-2013-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0292"
    },
    {
      "name": "CVE-2012-6151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
    },
    {
      "name": "CVE-2008-5303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5303"
    },
    {
      "name": "CVE-2015-1159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1159"
    },
    {
      "name": "CVE-2011-2200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2200"
    },
    {
      "name": "CVE-2015-7748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7748"
    },
    {
      "name": "CVE-2015-7750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7750"
    },
    {
      "name": "CVE-2015-7751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7751"
    },
    {
      "name": "CVE-2011-0411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
    },
    {
      "name": "CVE-2008-3834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3834"
    },
    {
      "name": "CVE-2010-0624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0624"
    },
    {
      "name": "CVE-2014-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0062"
    },
    {
      "name": "CVE-2011-1025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1025"
    },
    {
      "name": "CVE-2014-6448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6448"
    },
    {
      "name": "CVE-2011-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3597"
    },
    {
      "name": "CVE-2010-0212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0212"
    },
    {
      "name": "CVE-2009-1185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1185"
    },
    {
      "name": "CVE-2009-4901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4901"
    },
    {
      "name": "CVE-2010-1172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1172"
    },
    {
      "name": "CVE-2010-4530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4530"
    },
    {
      "name": "CVE-2011-1024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1024"
    },
    {
      "name": "CVE-2014-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
    },
    {
      "name": "CVE-2014-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0060"
    },
    {
      "name": "CVE-1999-0524",
      "url": "https://www.cve.org/CVERecord?id=CVE-1999-0524"
    },
    {
      "name": "CVE-2010-4015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4015"
    },
    {
      "name": "CVE-2011-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0002"
    },
    {
      "name": "CVE-2009-1574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1574"
    },
    {
      "name": "CVE-2009-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3736"
    },
    {
      "name": "CVE-2015-1790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
    },
    {
      "name": "CVE-2012-2143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2143"
    },
    {
      "name": "CVE-2014-0066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0066"
    },
    {
      "name": "CVE-2010-0001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
    }
  ],
  "initial_release_date": "2015-10-15T00:00:00",
  "last_revision_date": "2015-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2015-AVI-431",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10694 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10694\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10700 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10700\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10703 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10703\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10708 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10708\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10705 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10706 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10706\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10695 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10695\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10699 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10699\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10697 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10697\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10707 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10707\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10702 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10702\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10704 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10704\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10696 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10696\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10701 du 14 octobre 2015",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10701\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

FKIE_CVE-2009-3490

Vulnerability from fkie_nvd - Published: 2009-09-30 15:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html
cve@mitre.org	http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7
cve@mitre.org	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
cve@mitre.org	http://marc.info/?l=oss-security&m=125198917018936&w=2
cve@mitre.org	http://marc.info/?l=oss-security&m=125369675820512&w=2
cve@mitre.org	http://permalink.gmane.org/gmane.comp.web.wget.general/8972
cve@mitre.org	http://secunia.com/advisories/36540	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/36205
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2498	Vendor Advisory
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=520454
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11099
af854a3a-2127-422b-91ae-364da2661108	http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html
af854a3a-2127-422b-91ae-364da2661108	http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7
af854a3a-2127-422b-91ae-364da2661108	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=oss-security&m=125198917018936&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=oss-security&m=125369675820512&w=2
af854a3a-2127-422b-91ae-364da2661108	http://permalink.gmane.org/gmane.comp.web.wget.general/8972
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36540	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36205
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2498	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=520454
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11099

Impacted products

Vendor	Product	Version
gnu	wget	*
gnu	wget	1.5.3
gnu	wget	1.6
gnu	wget	1.7
gnu	wget	1.7.1
gnu	wget	1.8
gnu	wget	1.8.1
gnu	wget	1.9
gnu	wget	1.9.1
gnu	wget	1.10
gnu	wget	1.10.1
gnu	wget	1.10.2
gnu	wget	1.11
gnu	wget	1.11.1
gnu	wget	1.11.2
gnu	wget	1.11.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0AF9BA-677F-423E-A9B2-0BEBA4A2E86A",
              "versionEndIncluding": "1.11.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "50DD71F2-0B3C-4082-950A-CBFA5C601AEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B3B1B6-3985-4479-93B2-14E1AB52F768",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BC975AA-0F98-4A3A-B3B4-2152156327D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DEDFB88-C435-4FB9-838D-8199690A8F70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5BF2616-A99A-4229-A8A6-655155ED5EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A14454E-DDAE-4115-8323-8BB4E17DF208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F88CD81A-7804-4316-8581-41689A318D56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BE0FCE2-ABB9-4943-96AE-C81277014396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDE8FE2E-40EF-4B86-A01E-7777FBDABB59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E097843-1854-4C5E-BB27-07280EB3EEB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1047974D-7A5D-4533-996B-2B09EC7E8789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C40562DA-2B50-4B30-B0D8-B62913FCC680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5B63798-366A-4778-987D-19307228E13B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "90DEBAA0-B537-4EEC-8EA2-E503F26A0496",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:wget:1.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC161C5-5247-4A3C-AB56-6562B0A65D21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GNU Wget before 1.12 does not properly handle a \u0027\\0\u0027 character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
    },
    {
      "lang": "es",
      "value": "GNU Wget, en versiones anteriores a la 1.12 no maneja adecuadamente un caracter \u0027\\0\u0027 en un nombre de dominio, en el campo Common Name de una certificado X.509, lo cual permite a atacantes hombre-en-el-medio (man-in-the-middle) remotos suplantar servidores SSL a su elecci\u00f3n a trav\u00e9s de de un certificado manipulado expedido por una Autoridad de Certificaci\u00f3n leg\u00edtima, un tema relacionado con CVE-2009-2408."
    }
  ],
  "id": "CVE-2009-3490",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-09-30T15:30:00.610",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://permalink.gmane.org/gmane.comp.web.wget.general/8972"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36540"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36205"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2498"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520454"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://permalink.gmane.org/gmane.comp.web.wget.general/8972"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2498"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11099"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2009-3490

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-3490

Aliases

CVE-2009-3490

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-3490",
    "description": "GNU Wget before 1.12 does not properly handle a \u0027\\0\u0027 character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
    "id": "GSD-2009-3490",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-3490.html",
      "https://www.debian.org/security/2009/dsa-1904",
      "https://access.redhat.com/errata/RHSA-2009:1549",
      "https://linux.oracle.com/cve/CVE-2009-3490.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-3490"
      ],
      "details": "GNU Wget before 1.12 does not properly handle a \u0027\\0\u0027 character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
      "id": "GSD-2009-3490",
      "modified": "2023-12-13T01:19:49.174953Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-3490",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "GNU Wget before 1.12 does not properly handle a \u0027\\0\u0027 character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[bug-wget] 20090922 Release: GNU Wget 1.12",
            "refsource": "MLIST",
            "url": "http://permalink.gmane.org/gmane.comp.web.wget.general/8972"
          },
          {
            "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues",
            "refsource": "MLIST",
            "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
          },
          {
            "name": "ADV-2009-2498",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/2498"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=520454",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520454"
          },
          {
            "name": "[wget-notify] 20090805 [bug #27183] Wget likely suffers from the \\0 SSL cert vulnerability",
            "refsource": "MLIST",
            "url": "http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html"
          },
          {
            "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
            "refsource": "CONFIRM",
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "name": "36540",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36540"
          },
          {
            "name": "36205",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/36205"
          },
          {
            "name": "oval:org.mitre.oval:def:11099",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11099"
          },
          {
            "name": "http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7",
            "refsource": "CONFIRM",
            "url": "http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7"
          },
          {
            "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
            "refsource": "MLIST",
            "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnu:wget:1.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:wget:1.10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:wget:1.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:wget:1.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:wget:1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:wget:1.11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:wget:1.11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:wget:1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:wget:1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:wget:1.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:wget:1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.11.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3490"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "GNU Wget before 1.12 does not properly handle a \u0027\\0\u0027 character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[wget-notify] 20090805 [bug #27183] Wget likely suffers from the \\0 SSL cert vulnerability",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html"
            },
            {
              "name": "36205",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/36205"
            },
            {
              "name": "ADV-2009-2498",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2498"
            },
            {
              "name": "36540",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/36540"
            },
            {
              "name": "http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7"
            },
            {
              "name": "[oss-security] 20090923 Re: More CVE-2009-2408 like issues",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
            },
            {
              "name": "[bug-wget] 20090922 Release: GNU Wget 1.12",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://permalink.gmane.org/gmane.comp.web.wget.general/8972"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=520454",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520454"
            },
            {
              "name": "[oss-security] 20090903 More CVE-2009-2408 like issues",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
            },
            {
              "name": "oval:org.mitre.oval:def:11099",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11099"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-19T01:29Z",
      "publishedDate": "2009-09-30T15:30Z"
    }
  }
}

GHSA-6P5C-44CM-R9M8

Vulnerability from github – Published: 2022-05-02 03:45 – Updated: 2022-05-02 03:45

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3490"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-09-30T15:30:00Z",
    "severity": "MODERATE"
  },
  "details": "GNU Wget before 1.12 does not properly handle a \u0027\\0\u0027 character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
  "id": "GHSA-6p5c-44cm-r9m8",
  "modified": "2022-05-02T03:45:33Z",
  "published": "2022-05-02T03:45:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3490"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520454"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11099"
    },
    {
      "type": "WEB",
      "url": "http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html"
    },
    {
      "type": "WEB",
      "url": "http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://permalink.gmane.org/gmane.comp.web.wget.general/8972"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36540"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36205"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2498"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-3490 (GCVE-0-2009-3490)

CERTA-2009-AVI-363

Description

Solution

CERTFR-2015-AVI-431

Solution

FKIE_CVE-2009-3490

GSD-2009-3490

GHSA-6P5C-44CM-R9M8

Tags

Sightings

Nomenclature