neon prior to 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle malicious users to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webdav neon |
||
apple mac os x |
||
canonical ubuntu linux 6.06 |
||
canonical ubuntu linux 8.04 |
||
canonical ubuntu linux 8.10 |
||
canonical ubuntu linux 9.04 |
||
fedoraproject fedora 10 |
||
fedoraproject fedora 11 |