Martin Lambers mpop prior to 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle malicious users to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
martin lambers mpop 1.0.13 |
||
martin lambers mpop 1.0.12 |
||
martin lambers mpop 1.0.11 |
||
martin lambers mpop 1.0.10 |
||
martin lambers mpop 0.8.1 |
||
martin lambers mpop 0.8.0 |
||
martin lambers mpop 0.7.0 |
||
martin lambers mpop 0.6.3 |
||
martin lambers mpop 0.1.3 |
||
martin lambers mpop 0.1.2 |
||
martin lambers mpop 0.1.1 |
||
martin lambers mpop 0.1.0 |
||
martin lambers mpop 1.0.17 |
||
martin lambers mpop 1.0.15 |
||
martin lambers mpop 1.0.8 |
||
martin lambers mpop 1.0.5 |
||
martin lambers mpop 0.8.4 |
||
martin lambers mpop 0.8.2 |
||
martin lambers mpop 0.6.2 |
||
martin lambers mpop 0.6.0 |
||
martin lambers mpop 0.3.0 |
||
martin lambers mpop 0.1.4 |
||
martin lambers mpop |
||
martin lambers mpop 1.0.4 |
||
martin lambers mpop 1.0.3 |
||
martin lambers mpop 1.0.2 |
||
martin lambers mpop 1.0.1 |
||
martin lambers mpop 1.0.0 |
||
martin lambers mpop 0.4.3 |
||
martin lambers mpop 0.4.2 |
||
martin lambers mpop 0.4.1 |
||
martin lambers mpop 0.4.0 |
||
martin lambers mpop 1.0.16 |
||
martin lambers mpop 1.0.14 |
||
martin lambers mpop 1.0.9 |
||
martin lambers mpop 1.0.6 |
||
martin lambers mpop 0.8.5 |
||
martin lambers mpop 0.8.3 |
||
martin lambers mpop 0.6.1 |
||
martin lambers mpop 0.5.0 |
||
martin lambers mpop 0.3.1 |
||
martin lambers mpop 0.2.0 |