← back
CVE-2009-2409

CVE-2009-2409

EPSS 4.5%
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://java.sun.com/j2se/1.5.0/ReleaseNotes.htmlhttp://java.sun.com/javase/6/webnotes/6u17.htmlhttp://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409http://secunia.com/advisories/36139http://secunia.com/advisories/36157http://secunia.com/advisories/36434http://secunia.com/advisories/36669http://secunia.com/advisories/36739http://secunia.com/advisories/37386http://secunia.com/advisories/42467http://security.gentoo.org/glsa/glsa-200911-02.xml