CVE-2009-3455

EUVD-2009-3437
Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
applesafari
𝑥
≤ 4.0.2
applesafari
0.8
applesafari
0.9
applesafari
1.0
applesafari
1.0.0
applesafari
1.0b1:b1
applesafari
1.1
applesafari
1.2
applesafari
1.2.0
applesafari
1.2.1
applesafari
1.2.2
applesafari
1.2.3
applesafari
1.2.4
applesafari
1.2.5
applesafari
1.3
applesafari
1.3.1
applesafari
1.3.2
applesafari
2.0
applesafari
2.0.0
applesafari
2.0.1
applesafari
2.0.2
applesafari
2.0.3
applesafari
2.0.4
applesafari
3.0
applesafari
3.0
applesafari
3.0.0
applesafari
3.0.1
applesafari
3.0.3
applesafari
3.0.3
applesafari
3.0.4
applesafari
3.0.4
applesafari
3.1
applesafari
3.1
applesafari
3.1.0
applesafari
3.1.1
applesafari
3.1.1
applesafari
3.1.2
applesafari
3.1.2
applesafari
3.2
applesafari
3.2.1
applesafari
3.2.1
applesafari
3.2.3
applesafari
3.2.3
applesafari
4.0
applesafari
4.0.0b:b
applesafari
4.0.1
applesafari
4.0.2
applesafari
4.0_beta:_beta
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.networkworld.com/news/2009/091709-microsoft-ie-security-hole.html
http://www.securityfocus.com/bid/36477
http://www.networkworld.com/news/2009/091709-microsoft-ie-security-hole.html
http://www.securityfocus.com/bid/36477