fkie_nvd - fkie_cve-2009-2700

fkie_cve-2009-2700

Vulnerability from fkie_nvd

Published

2009-09-02 17:30

Modified

2025-04-09 00:30

Severity ?

Summary

src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

References

URL	Tags
cve@mitre.org	http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6
cve@mitre.org	http://secunia.com/advisories/36536	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/36702	Vendor Advisory
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:225
cve@mitre.org	http://www.securityfocus.com/bid/36203
cve@mitre.org	http://www.ubuntu.com/usn/usn-829-1
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2499	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36536	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36702	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:225
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36203
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-829-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2499	Vendor Advisory

Impacted products

Vendor	Product	Version
qt	qt	4.0.0
qt	qt	4.0.1
qt	qt	4.1.0
qt	qt	4.1.1
qt	qt	4.1.2
qt	qt	4.1.3
qt	qt	4.1.4
qt	qt	4.1.5
qt	qt	4.2.0
qt	qt	4.2.1
qt	qt	4.2.3
qt	qt	4.3.0
qt	qt	4.3.1
qt	qt	4.3.2
qt	qt	4.3.3
qt	qt	4.3.4
qt	qt	4.3.5
qt	qt	4.4.0
qt	qt	4.4.1
qt	qt	4.4.2
qt	qt	4.4.3
qt	qt	4.5.0
qt	qt	4.5.1
qt	qt	4.5.2
qt	qt	4.5.3
qt	qt	4.6.0
qt	qt	4.6.0
qt	qt	4.6.1
qt	qt	4.6.2
qt	qt	4.6.3
qt	qt	4.6.4
qt	qt	4.7.0
qt	qt	4.7.1
qt	qt	4.7.2
qt	qt	4.7.3
qt	qt	4.7.4
qt	qt	4.7.5
qt	qt	4.8.0
qt	qt	4.8.1
qt	qt	4.8.2
qt	qt	4.8.3
qt	qt	4.8.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C966DAAB-74E1-4594-9CE7-5A1A60F5061E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D51BFA7D-281E-49ED-9A4B-60AD5143C4EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A38B91E-698F-4638-BC3B-BD02F3313B70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7629BAB0-5077-4B82-9F11-B228E8EAFA17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "76366D45-3604-49D1-BD97-8A9FACEA2171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEEF60A1-5FF0-465F-A872-62F80899F870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D5386EE-376B-4773-8687-5314BFF35E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ACE447E-BFBC-4059-9786-F8E5F512AEAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AC6465-B459-410E-A5C5-EBFF5C866009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF48233D-EFFE-40A1-B50A-F2184D9CF325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "610017B4-3C0A-4A59-82A1-4E20BCF786E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D848BD49-3C88-4458-B8AB-AAD8DEB790BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A12D978-B6FF-4C67-97D4-91A285C47813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DBD073E-F3E0-4273-81E9-AF010B711F08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D58ACBA-7DF3-403A-AC0E-94749383C750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "59D6E752-3B2E-4A95-A76A-3326CD490EDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A27E4EC-9573-4C82-9B78-244DB0B06FA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "678A25E8-57E3-4E0C-9B24-C68F11F108BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D16BB8CE-3871-4DFA-84BB-C089894437D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "965B37FD-E22F-4AA7-BDC2-147A9962CFD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEE12FD7-2FB2-444A-A660-86294646F8A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA4B9F55-4BFF-4FD3-A8BC-842B0467DCD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DA805A7-7C62-49FD-B9A2-F81C981691C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5596442-5608-439B-8BE6-53A70F20C079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "29FD745E-4B61-417F-BC66-386877E75351",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B74E5F5-CEE1-47B1-BE84-7F1C45D4FDD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "82A767D8-6194-4ED5-B9BE-2A14541C141F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "874E217C-98AC-4F0B-B120-D721164912CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3051F46B-E301-4DF7-A89B-4E8495617888",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C8BED3D-E6E9-4A7F-A186-DD7DC20706D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C5CFCD4-6CB1-489D-9619-B0169EA1719C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2D2DA2-4D77-4396-97A7-D4ED0F633E19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC1BC2C-6D99-463F-9326-AF9B468E03F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "342A67CF-B332-46D1-A3FF-604552953C66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9239A893-506A-4853-8B00-FCDE5EC3E5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A6196C5-BB95-447A-B610-4765AB702F96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E398049-C78A-452C-9FBF-E32DC86BDBD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B307395A-36B6-4F54-92C9-D732580F3EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D0CB6E-5275-4D51-81F1-84D456F936B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "214A1125-FBE9-433D-8B05-10595CD59F24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB7CC6B1-7E40-4D6A-94CF-7412EA3F8534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qt:qt:4.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "062A62AA-EC5B-4D8E-9337-D25DF4FE56FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
    },
    {
      "lang": "es",
      "value": "src/network/ssl/qsslcertificate.cpp en Nokia Trolltech Qt v4.x no gestiona adecuadamente el car\u00e1cter \u0027\\0\u0027en un nombre de dominio en el campo Subject Alternative Name field de un certificado X.509, lo cual permite a atacantes hombre-en-el-medio (man-in-the-middle) suplantar servidores SSL a su elecci\u00f3n a trav\u00e9s de certificados manipulados expedidos por una Autoridad de Certificaci\u00f3n leg\u00edtima, una cuesti\u00f3n relacionada con CVE-2009-2408."
    }
  ],
  "id": "CVE-2009-2700",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-09-02T17:30:00.797",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36536"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36702"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:225"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36203"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-829-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2499"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36702"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-829-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2499"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of qt and qt4 as shipped with Red Hat Enterprise Linux 3, 4, or 5.  Affected code was introduced upstream in version 4.3.",
      "lastModified": "2009-09-03T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2009-2700 (GCVE-0-2009-2700)

Vulnerability from cvelistv5

Published

2009-09-02 17:00