Vulnerability-Lookup

FKIE_CVE-2009-2730

Vulnerability from fkie_nvd - Published: 2009-08-12 10:30 - Updated: 2026-06-16 23:10

Severity

Summary

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

References

URL	Tags
cve@mitre.org	http://article.gmane.org/gmane.network.gnutls.general/1733	Vendor Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
cve@mitre.org	http://secunia.com/advisories/36266	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/36496
cve@mitre.org	http://www.openwall.com/lists/oss-security/2009/08/14/6
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2009-1232.html
cve@mitre.org	http://www.securityfocus.com/archive/1/507985/100/0/threaded
cve@mitre.org	http://www.securitytracker.com/id?1022777
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/52404
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409
cve@mitre.org	https://rhn.redhat.com/errata/RHSA-2010-0095.html
af854a3a-2127-422b-91ae-364da2661108	http://article.gmane.org/gmane.network.gnutls.general/1733	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36266	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36496
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2009/08/14/6
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1232.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/507985/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022777
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/52404
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409
af854a3a-2127-422b-91ae-364da2661108	https://rhn.redhat.com/errata/RHSA-2010-0095.html

Impacted products

Vendor	Product	Version
gnu	gnutls	*
gnu	gnutls	1.0.16
gnu	gnutls	1.0.17
gnu	gnutls	1.0.18
gnu	gnutls	1.0.19
gnu	gnutls	1.0.20
gnu	gnutls	1.0.21
gnu	gnutls	1.0.22
gnu	gnutls	1.0.23
gnu	gnutls	1.0.24
gnu	gnutls	1.0.25
gnu	gnutls	1.1.13
gnu	gnutls	1.1.14
gnu	gnutls	1.1.15
gnu	gnutls	1.1.16
gnu	gnutls	1.1.17
gnu	gnutls	1.1.18
gnu	gnutls	1.1.19
gnu	gnutls	1.1.20
gnu	gnutls	1.1.21
gnu	gnutls	1.1.22
gnu	gnutls	1.1.23
gnu	gnutls	1.2.0
gnu	gnutls	1.2.1
gnu	gnutls	1.2.2
gnu	gnutls	1.2.3
gnu	gnutls	1.2.4
gnu	gnutls	1.2.5
gnu	gnutls	1.2.6
gnu	gnutls	1.2.7
gnu	gnutls	1.2.8
gnu	gnutls	1.2.8.1a1
gnu	gnutls	1.2.9
gnu	gnutls	1.2.10
gnu	gnutls	1.2.11
gnu	gnutls	1.3.0
gnu	gnutls	1.3.1
gnu	gnutls	1.3.2
gnu	gnutls	1.3.3
gnu	gnutls	1.3.4
gnu	gnutls	1.3.5
gnu	gnutls	1.4.0
gnu	gnutls	1.4.1
gnu	gnutls	1.4.2
gnu	gnutls	1.4.3
gnu	gnutls	1.4.4
gnu	gnutls	1.4.5
gnu	gnutls	1.5.0
gnu	gnutls	1.5.1
gnu	gnutls	1.5.2
gnu	gnutls	1.5.3
gnu	gnutls	1.5.4
gnu	gnutls	1.5.5
gnu	gnutls	1.6.0
gnu	gnutls	1.6.1
gnu	gnutls	1.6.2
gnu	gnutls	1.6.3
gnu	gnutls	1.7.0
gnu	gnutls	1.7.1
gnu	gnutls	1.7.2
gnu	gnutls	1.7.3
gnu	gnutls	1.7.4
gnu	gnutls	1.7.5
gnu	gnutls	1.7.6
gnu	gnutls	1.7.7
gnu	gnutls	1.7.8
gnu	gnutls	1.7.9
gnu	gnutls	1.7.10
gnu	gnutls	1.7.11
gnu	gnutls	1.7.12
gnu	gnutls	1.7.13
gnu	gnutls	1.7.14
gnu	gnutls	1.7.15
gnu	gnutls	1.7.16
gnu	gnutls	1.7.17
gnu	gnutls	1.7.18
gnu	gnutls	1.7.19
gnu	gnutls	2.0.0
gnu	gnutls	2.0.1
gnu	gnutls	2.0.2
gnu	gnutls	2.0.3
gnu	gnutls	2.0.4
gnu	gnutls	2.1.0
gnu	gnutls	2.1.1
gnu	gnutls	2.1.2
gnu	gnutls	2.1.3
gnu	gnutls	2.1.4
gnu	gnutls	2.1.5
gnu	gnutls	2.1.6
gnu	gnutls	2.1.7
gnu	gnutls	2.1.8
gnu	gnutls	2.2.0
gnu	gnutls	2.2.1
gnu	gnutls	2.2.2
gnu	gnutls	2.2.3
gnu	gnutls	2.2.4
gnu	gnutls	2.2.5
gnu	gnutls	2.3.0
gnu	gnutls	2.3.1
gnu	gnutls	2.3.2
gnu	gnutls	2.3.3
gnu	gnutls	2.3.4
gnu	gnutls	2.3.5
gnu	gnutls	2.3.6
gnu	gnutls	2.3.7
gnu	gnutls	2.3.8
gnu	gnutls	2.3.9
gnu	gnutls	2.3.10
gnu	gnutls	2.3.11
gnu	gnutls	2.4.0
gnu	gnutls	2.4.1
gnu	gnutls	2.4.2
gnu	gnutls	2.5.0
gnu	gnutls	2.6.0
gnu	gnutls	2.6.1
gnu	gnutls	2.6.2
gnu	gnutls	2.6.3
gnu	gnutls	2.6.4
gnu	gnutls	2.6.5
gnu	gnutls	2.6.6
gnu	gnutls	2.8.0

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7DF1A90-D8BB-40B5-B136-39300DB1EFE3",
              "versionEndIncluding": "2.8.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "8856E1B1-8007-42E5-82EF-4700D4DEEDDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9CF40D3-CE03-4C2A-8EEF-EB5989291806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC60D4CC-922C-4941-A400-0CBEAC7F31D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "754A0D19-A17A-4007-8355-497D14CFCBF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "8140DBE1-8116-4051-9A57-07535586E0AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1CC840D-AD01-4EE2-8652-06742A6286BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "84224A82-6D58-4000-A449-20C1632DAE85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "A466931C-769A-4A28-B072-10930CE655E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FEE50AC-8730-4F04-B57C-6BDF8B957F6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F621DC-7967-4D97-A562-02E7033C89C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "776E5481-399F-45BC-AD20-A18508B03916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "63D7F972-9128-4A4D-8508-B38CE2F155E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5D56873-E8C5-4E4B-BB85-6DCF6526B453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FE4766-32D0-491E-8C71-5B998C468142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F980857-2364-466A-8366-BD017D242222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A2E649D-5C45-4412-927B-E3EDCE07587C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "066175C2-6E96-4BAE-B1A6-B23D25547FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "869D3010-67AE-44D0-BB8F-D9C410AEA1D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "052B40C1-C29B-4189-9A45-DAE873AB716D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02F71E61-7455-4E10-B9D8-2B7FDDFB10F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B588AAE0-8C3F-47C7-812F-8C97BD8795E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB9154B-4254-4F33-8DB2-5B96E2DA4931",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2EA79D1-2EA8-4040-A5B5-C93EE937945A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "61D05BC3-1315-4AC7-884D-41459272C94B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2901E522-6F54-4FA5-BF22-463A9D6B53D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "738F29DA-9741-4BA5-B370-417443A3AC2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "52173492-1031-4AA4-A600-6210581059D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB636C36-2884-4F66-B68A-4494AEAF90C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC4231BD-201D-4B10-9E35-B9EEFC714F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C9200C3-0F46-4238-918B-38D95BF11547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "024A9511-7CB4-4681-8429-0FE7FC34DF1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "34CEF5ED-87A5-44B2-8A4A-9896957C057B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B84A4F5-CED7-4633-913F-BE8235F68616",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97564ABD-F9CE-4B3C-978A-1622DE3E4924",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DB6EC88-DCE0-439B-89CD-18229965849B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E2C89DD-CDBD-4772-A031-089F32006D80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C2FD618-91F4-48E7-B945-90CC0A367DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65DC9555-E76F-4F8D-AE39-5160B34A87FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B61D180-9EEA-4258-9A59-7F004F2C83F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00DE1208-BDDC-405B-A34A-B58D00A279DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EF689E-59AA-4619-ADB2-E195CFD4094A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B62AB660-5DA4-4F13-AF9E-DC53D0A18EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "22314ED6-D0CD-442E-A645-A9CCFE114AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E1C5B2-27BF-4328-9336-98B8828EE4BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5C952BF-A135-4B15-8A51-94D66B618469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ADED309-0A25-478D-B542-96217A0DD63E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC0403DE-76B1-4E24-8014-64F73DCB53DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F714D22-873A-4D64-8151-86BB55EFD084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E9181F9-50FF-4995-9554-022CF93376C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AED0B40F-3413-40D6-B1EF-E6354D2A91F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E99A7D8-2303-4268-8EF8-6F01A042BEDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86C70F69-FB80-4F32-A798-71A5153E6C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A1E604-500E-4181-BF66-BB69C7C3F425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C8120E3-B60F-44E4-B837-4707A9BAEDBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "84D3F16F-2C23-48E9-9F2D-1F1DF74719E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7073EAD-06C9-4309-B479-135021E82B99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "546C56AC-AFCC-47B7-A5A8-D3E3199BEA41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1895868E-E501-42C2-8450-EEED4447BAB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "199AA36A-3B23-438C-9109-CC9000372986",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD6FFF05-37B2-4D69-86AF-921591382D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "82BF8600-4E5D-4FF4-953C-F2DC726CA6CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "04C40F0E-B102-4FE8-9E93-0ACFBF35226D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "22802660-D33F-4683-B82F-C94AC6170A73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3623E9BE-F513-4301-BF0C-6A7F87E78E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5DBAF08-1441-4F14-A740-E90044B77042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3B6684-3890-4B60-BE67-D06045A86B3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "81C6C982-21D5-4FE3-A342-FC45BD78D2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D61596-01EB-4936-923B-63537625F926",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "599EB59C-7717-47A8-84C6-78B6D79AEB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "26E9005E-5034-43F2-B96E-7829E19FE3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DC3A5EE-2892-4548-A0CB-D3289CD64D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F22BF4-A738-438B-8D0B-6993640F0D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3193B7-8FB9-45E4-BFF6-891A3F14F021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AF269AE-121B-4982-A765-5C7E806FA9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C9F604-7FBE-4759-B039-8F5894574203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "191821CD-E4CB-4269-B04C-284A9F9783B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A71474-958D-4689-A652-3E2A731F47FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38169043-17DF-4CF9-963A-8770B8882357",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4537676-A72E-4433-B44F-3664EDD6F240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D090B10-68F2-424D-8234-2A280AA96B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "23168B77-645D-4A2A-A6E3-7001104064A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D085B16-3116-423F-BDE0-2D93E12650A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59247E9-CDAE-4269-A8E4-F49F617CDD23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6019C0C-E9DD-4831-8E6A-785AE1A930FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F9CF15-8789-49B6-BB6D-B784C8FF20ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C51E0C88-B19C-408D-AC17-10CE7462D48A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AC41482-B3BC-4C93-A850-73A179BAB763",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADC80BE1-28A6-4348-A061-8FD9C805E945",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8201FF6-53A8-4850-A2B2-47AA65B2CB75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB33002-E5C6-4573-BC94-647DDE4E6F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D7D245A-D983-40AD-89A7-0EA00D38D570",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7223691-225D-4649-B410-F41D2C489BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA9E7F22-5BC4-4AD5-A630-25947CC1E5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6B3DBF9-52EB-4741-85E4-E68645BD81E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "350A6845-77D6-4D63-A13C-5DAB55F98727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A456D12-C43A-47B0-AC0D-BF02AEBA0828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D457688-987A-4059-AA58-D9BF19ABC48B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA20043D-EC85-4003-9E7B-27AB50F4E133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "18A2C47E-510D-4537-8F51-3763A73E8E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4704D411-7B24-4B1F-9D40-A39A178FF873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3091701-9B7C-4494-A82E-6E6F64656D85",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libgnutls in GnuTLS before 2.8.2 does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
    },
    {
      "lang": "es",
      "value": "libgnutls en GnuTLS versiones anteriores a v2.8.2 no gestiona adecuadamente un car\u00e1cter \u0027\\0\u0027 en el nombre de dominio en los campos de identificaci\u00f3n (1) Common Name (CN) o (2) Subject Alternative Name (SAN) de un certificado X.509, permitiendo que atacantes \"hombre en el medio\" (man-in-the-middle) suplanten servidores SSL de su elecci\u00f3n mediante un certificado modificado que ha sido proporcionado por una Autoridad de Certificaci\u00f3n leg\u00edtima."
    }
  ],
  "id": "CVE-2009-2730",
  "lastModified": "2026-06-16T23:10:07.240",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-08-12T10:30:01.360",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://article.gmane.org/gmane.network.gnutls.general/1733"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36266"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/36496"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2009/08/14/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1232.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1022777"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52404"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://article.gmane.org/gmane.network.gnutls.general/1733"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2009/08/14/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1232.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52404"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2009-2730 (GCVE-0-2009-2730)

Vulnerability from cvelistv5 – Published: 2009-08-12 10:00 – Updated: 2024-08-07 05:59

Summary

Severity

No CVSS data available.

CWE

Assigner

mitre

References

13 references

URL	Tags
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://www.securitytracker.com/id?1022777	vdb-entryx_refsource_SECTRACK
http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2009/08/14/6	mailing-listx_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2009-12…	vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/36496	third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/36266	third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/507985/100…	mailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
https://rhn.redhat.com/errata/RHSA-2010-0095.html	vendor-advisoryx_refsource_REDHAT
http://article.gmane.org/gmane.network.gnutls.gen…	x_refsource_CONFIRM

Date Public

2009-08-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:57.016Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:8409",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409"
          },
          {
            "name": "1022777",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022777"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "[oss-security] 20090814 GnuTLS CVE-2009-2730 Patches (Was Re: GnuTLS 2.8.2)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/08/14/6"
          },
          {
            "name": "RHSA-2009:1232",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1232.html"
          },
          {
            "name": "SUSE-SR:2009:015",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
          },
          {
            "name": "36496",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36496"
          },
          {
            "name": "oval:org.mitre.oval:def:10778",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778"
          },
          {
            "name": "36266",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36266"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "name": "gnutls-cn-san-security-bypass(52404)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52404"
          },
          {
            "name": "RHSA-2010:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://article.gmane.org/gmane.network.gnutls.general/1733"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "libgnutls in GnuTLS before 2.8.2 does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:8409",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409"
        },
        {
          "name": "1022777",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022777"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
        },
        {
          "name": "[oss-security] 20090814 GnuTLS CVE-2009-2730 Patches (Was Re: GnuTLS 2.8.2)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/08/14/6"
        },
        {
          "name": "RHSA-2009:1232",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1232.html"
        },
        {
          "name": "SUSE-SR:2009:015",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
        },
        {
          "name": "36496",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36496"
        },
        {
          "name": "oval:org.mitre.oval:def:10778",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778"
        },
        {
          "name": "36266",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36266"
        },
        {
          "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
        },
        {
          "name": "gnutls-cn-san-security-bypass(52404)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52404"
        },
        {
          "name": "RHSA-2010:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://article.gmane.org/gmane.network.gnutls.general/1733"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2730",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libgnutls in GnuTLS before 2.8.2 does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:8409",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8409"
            },
            {
              "name": "1022777",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022777"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "[oss-security] 20090814 GnuTLS CVE-2009-2730 Patches (Was Re: GnuTLS 2.8.2)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/08/14/6"
            },
            {
              "name": "RHSA-2009:1232",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1232.html"
            },
            {
              "name": "SUSE-SR:2009:015",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
            },
            {
              "name": "36496",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36496"
            },
            {
              "name": "oval:org.mitre.oval:def:10778",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10778"
            },
            {
              "name": "36266",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36266"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "gnutls-cn-san-security-bypass(52404)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52404"
            },
            {
              "name": "RHSA-2010:0095",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
            },
            {
              "name": "http://article.gmane.org/gmane.network.gnutls.general/1733",
              "refsource": "CONFIRM",
              "url": "http://article.gmane.org/gmane.network.gnutls.general/1733"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2730",
    "datePublished": "2009-08-12T10:00:00.000Z",
    "dateReserved": "2009-08-10T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:59:57.016Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2009-2730

CVE-2009-2730 (GCVE-0-2009-2730)

Tags

Sightings

Nomenclature