CVE-2009-3455

Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
applesafari
𝑥
≤ 4.0.2
applesafari
0.8
applesafari
0.9
applesafari
1.0
applesafari
1.0.0
applesafari
1.0b1:b1
applesafari
1.1
applesafari
1.2
applesafari
1.2.0
applesafari
1.2.1
applesafari
1.2.2
applesafari
1.2.3
applesafari
1.2.4
applesafari
1.2.5
applesafari
1.3
applesafari
1.3.1
applesafari
1.3.2
applesafari
2.0
applesafari
2.0.0
applesafari
2.0.1
applesafari
2.0.2
applesafari
2.0.3
applesafari
2.0.4
applesafari
3.0
applesafari
3.0
applesafari
3.0.0
applesafari
3.0.1
applesafari
3.0.3
applesafari
3.0.3
applesafari
3.0.4
applesafari
3.0.4
applesafari
3.1
applesafari
3.1
applesafari
3.1.0
applesafari
3.1.1
applesafari
3.1.1
applesafari
3.1.2
applesafari
3.1.2
applesafari
3.2
applesafari
3.2.1
applesafari
3.2.1
applesafari
3.2.3
applesafari
3.2.3
applesafari
4.0
applesafari
4.0.0b:b
applesafari
4.0.1
applesafari
4.0.2
applesafari
4.0_beta:_beta
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.networkworld.com/news/2009/091709-microsoft-ie-security-hole.html
http://www.securityfocus.com/bid/36477
http://www.networkworld.com/news/2009/091709-microsoft-ie-security-hole.html
http://www.securityfocus.com/bid/36477