CVE-2009-3455 - Vulnerability Details

Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Safari

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari::-:mac:::::
	cpe:2.3:a:apple:safari:0.8:-:mac:::::*
	cpe:2.3:a:apple:safari:0.9:-:mac:::::*
	cpe:2.3:a:apple:safari:1.0:-:mac:::::*
	cpe:2.3:a:apple:safari:1.0.0:-:mac:::::*
	cpe:2.3:a:apple:safari:1.0b1:-:mac:::::*
	cpe:2.3:a:apple:safari:1.1:-:mac:::::*
	cpe:2.3:a:apple:safari:1.2:-:mac:::::*
	cpe:2.3:a:apple:safari:1.2.0:-:mac:::::*
	cpe:2.3:a:apple:safari:1.2.1:-:mac:::::*
	cpe:2.3:a:apple:safari:1.2.2:-:mac:::::*
	cpe:2.3:a:apple:safari:1.2.3:-:mac:::::*
	cpe:2.3:a:apple:safari:1.2.4:-:mac:::::*
	cpe:2.3:a:apple:safari:1.2.5:-:mac:::::*
	cpe:2.3:a:apple:safari:1.3:-:mac:::::*
	cpe:2.3:a:apple:safari:1.3.1:-:mac:::::*
	cpe:2.3:a:apple:safari:1.3.2:-:mac:::::*
	cpe:2.3:a:apple:safari:2.0:-:mac:::::*
	cpe:2.3:a:apple:safari:2.0.0:-:mac:::::*
	cpe:2.3:a:apple:safari:2.0.1:-:mac:::::*
	cpe:2.3:a:apple:safari:2.0.2:-:mac:::::*
	cpe:2.3:a:apple:safari:2.0.3:-:mac:::::*
	cpe:2.3:a:apple:safari:2.0.4:-:mac:::::*
	cpe:2.3:a:apple:safari:3.0::mac:::::
	cpe:2.3:a:apple:safari:3.0:-:mac:::::*
	cpe:2.3:a:apple:safari:3.0.0:-:mac:::::*
	cpe:2.3:a:apple:safari:3.0.1:-:mac:::::*
	cpe:2.3:a:apple:safari:3.0.3::mac:::::
	cpe:2.3:a:apple:safari:3.0.3:-:mac:::::*
	cpe:2.3:a:apple:safari:3.0.4::mac:::::
	cpe:2.3:a:apple:safari:3.0.4:-:mac:::::*
	cpe:2.3:a:apple:safari:3.1::mac:::::
	cpe:2.3:a:apple:safari:3.1:-:mac:::::*
	cpe:2.3:a:apple:safari:3.1.0:-:mac:::::*
	cpe:2.3:a:apple:safari:3.1.1::mac:::::
	cpe:2.3:a:apple:safari:3.1.1:-:mac:::::*
	cpe:2.3:a:apple:safari:3.1.2::mac:::::
	cpe:2.3:a:apple:safari:3.1.2:-:mac:::::*
	cpe:2.3:a:apple:safari:3.2:-:mac:::::*
	cpe:2.3:a:apple:safari:3.2.1::mac:::::
	cpe:2.3:a:apple:safari:3.2.1:-:mac:::::*
	cpe:2.3:a:apple:safari:3.2.3::mac:::::
	cpe:2.3:a:apple:safari:3.2.3:-:mac:::::*
	cpe:2.3:a:apple:safari:4.0:-:mac:::::*
	cpe:2.3:a:apple:safari:4.0.0b:-:mac:::::*
	cpe:2.3:a:apple:safari:4.0.1:-:mac:::::*
	cpe:2.3:a:apple:safari:4.0.2::mac:::::
	cpe:2.3:a:apple:safari:4.0_beta:-:mac:::::*

No data.

References

Link	Providers
http://www.networkworld.com/news/2009/091709-microsoft-ie-security-hole.html
http://www.securityfocus.com/bid/36477

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-09-29T17:00:00Z

Updated: 2024-09-16T19:36:40.318Z

Reserved: 2009-09-29T00:00:00Z

Link: CVE-2009-3455

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-09-29T18:00:00.360

Modified: 2024-11-21T01:07:23.717

Link: CVE-2009-3455

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object