CVE-2009-2702

KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:kde:kdelibs:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdelibs:4.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-09-08 18:30

Updated : 2024-02-04 17:33


NVD link : CVE-2009-2702

Mitre link : CVE-2009-2702

CVE.ORG link : CVE-2009-2702


JSON object : View

Products Affected

kde

  • kdelibs
CWE
CWE-310

Cryptographic Issues