← voltar
CVE-2009-3475

CVE-2009-3475

EPSS 0.9%
Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://secunia.com/advisories/36855http://secunia.com/advisories/36861http://secunia.com/advisories/36876http://shibboleth.internet2.edu/secadv/secadv_20090817.txthttp://www.debian.org/security/2009/dsa-1895http://www.debian.org/security/2009/dsa-1896