CVE-2009-3477

EUVD-2009-3459
The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.303, 4.6.1 before 4.6.1.309, 4.7.0 before 4.7.0.179, and 4.7.1 before 4.7.1.57 does not properly handle "hidden" characters including a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
rimblackberry_device_software
4.5.0
rimblackberry_device_software
4.6
rimblackberry_device_software
4.6.1
rimblackberry_device_software
4.7
rimblackberry_device_software
4.7.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/36875
http://www.blackberry.com/btsc/viewContent.do?externalId=KB19552
http://www.securityfocus.com/bid/36528
http://www.securitytracker.com/id?1022951
https://exchange.xforce.ibmcloud.com/vulnerabilities/53490
http://secunia.com/advisories/36875
http://www.blackberry.com/btsc/viewContent.do?externalId=KB19552
http://www.securityfocus.com/bid/36528
http://www.securitytracker.com/id?1022951
https://exchange.xforce.ibmcloud.com/vulnerabilities/53490