CVE-2009-3490

Currently unrated

Key Information:

Vendor: Gnu
Status: Wget
Vendor: CVE Published:; 30 September 2009

Summary

GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

References

http://permalink.gmane.org/gmane.comp.web.wget.general/8972

mailing-listx_refsource_MLIST

http://marc.info/?l=oss-security&m=125369675820512&w=2

mailing-listx_refsource_MLIST

http://www.vupen.com/english/advisories/2009/2498

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Sep 30, 2009
Vulnerability Reserved
Sep 30, 2009