CVE-2009-2808
https://notcve.org/view.php?id=CVE-2009-2808
Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response. Help Viewer en Apple Mac OS X anterior a v10.6.2 no utiliza una conexión HTTPS que obtiene contenido Apple Help desde una página web, lo que permite a atacantes hombre-en-el-medio (man-in-the-middle) enviar un enlace help:runscript, y de ese modo ejecutar código de su elección, a través de una respuesta suplantada. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://support.apple.com/kb/HT3937 http://www.securityfocus.com/bid/36956 http://www.vupen.com/english/advisories/2009/3184 • CWE-310: Cryptographic Issues •
CVE-2009-3767 – OpenLDAP: Doesn't properly handle NULL character in subject Common Name
https://notcve.org/view.php?id=CVE-2009-3767
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. libraries/libldap/tls_o.c en OpenLDAP, cuando se usa OpenSSL, no maneja de forma adecuada el caracter '\0' en un nombre de dominio, dentro del campo sujeto del Common Name (CN) en los certificados X.509, lo que permite a atacantes man-in-the-middle, espíar servidores SSL de su elección a través de certificados manipulados concedidos por Autoridades Certificadoras, esta relacionado con CVE-2009-2408. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036138.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://marc.info/?l=oss-security&m=125198917018936&w=2 http://marc.info/?l=oss-security&m=125369675820512&w=2 http://secunia.com/advisories/38769 http://secunia.com/advisories/40677 http://security.gentoo.org/glsa/glsa-201406-36.xml http://support.apple. • CWE-295: Improper Certificate Validation •
CVE-2009-3095 – httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header
https://notcve.org/view.php?id=CVE-2009-3095
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. El módulo mod_proxy_ftp en el sevidor HTTP Apache, permite a atacantes remotos evitar las restricciones de acceso establecidas y enviar comandos de su elección a un servidor FTP mediante vectores relacionados con la incrustación de estos comandos en una cabecera "Authorization HTTP", como se demostró con un determinado módulo en VulnDisco Pack Professional v8.11. NOTA: hasta el 03/09/2009 esta vulnerabilidad no tenía información para su puesta en práctica. Sin embargo, ya que el autor de VulnDisco Pack en un investigador de confianza, se ha asignado un CVE al problema para su seguimiento. • http://intevydis.com/vd-list.shtml http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html http://marc.info/?l=bugtraq&m=126998684522511&w=2 http://marc.info/?l=bugtraq&m=127557640302499&w=2 http://marc.info/?l=bugtraq&m=130497311408250&w=2 http://marc.info/?l=bugtraq&m=133355494609819&w=2 http://secunia.com/advisories/37152 http://support.apple.com/kb/HT4077 http:/ •
CVE-2009-2474 – neon: Improper verification of x509v3 certificate with NULL (zero) byte in certain fields
https://notcve.org/view.php?id=CVE-2009-2474
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. neon, en versiones anteriores a la 0.28.6, cuando OpenSSL está habilitado, no maneja adecuadamente un caracter '\0' en un nombre de dominio, en el campo Common Name (CN) del asunto de un certificado X.509, lo cual permite a atacacantes hombre-en-el-medio (man-in-the-middle) suplantar servidores SSL a su elección a través de certificados manipulados expedidos por una Autoridad de Certificación (CA) legítima, una cuestión relacionada con CVE-2009-2408. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html http://lists.manyfish.co.uk/pipermail/neon/2009-August/001046.html http://secunia.com/advisories/36371 http://secunia.com/advisories/36799 http://support.apple.com/kb/HT4435 http://www.mandriva.com/security/advisories?name=MDVSA-2009:221 http://www.securityfocus.com/bid/36079 http://www.ubuntu.com/usn/usn-835-1 http://www.vupen • CWE-326: Inadequate Encryption Strength •
CVE-2009-2200
https://notcve.org/view.php?id=CVE-2009-2200
WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. WebKit en Apple Safari anteriores a v4.0.3 no restringe apropiadamente el esquema URL del atributo pluginspage de un elemento EMBED, lo que permite a los atacantes remotos asistidos por usuarios lanzar un archivo arbitrario: URLs y obtener información sensible a través de un documento HTML manipulado. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3733 http://www.securityfocus.com/bid/36024 http://www.securitytracker.com/id?1022720 http://www.vupen.com/english/advisories/2011/0212 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •