CVE-2009-3477
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.303, 4.6.1 before 4.6.1.309, 4.7.0 before 4.7.0.179, and 4.7.1 before 4.7.1.57 does not properly handle "hidden" characters including a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
El Navegador de Blackberry en RIM BlackBerry Device Software v4.5.0 anterior a v4.5.0.173, 4.6.0 anterior a v4.6.0.303, 4.6.1 anterior a v4.6.1.309, 4.7.0 anterior a v4.7.0.179, y 4.7.1 anterior a v4.7.1.57 no maneja apropiadamente caracteres "ocultos" incluyendo un carácter '\0' en un nombre de dominio en el campo nombre común (NC) de un certificado X.509, lo cual permite a atacantes hombre-en-el-medio (man-in-the-middle) remotos suplantar servidores SSL a su elección a través de de un certificado manipulado expedido por una Autoridad de Certificación legítima, un tema relacionado con CVE-2009-2408.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-09-29 CVE Reserved
- 2009-09-29 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/36528 | Vdb Entry | |
http://www.securitytracker.com/id?1022951 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53490 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/36875 | 2017-08-17 | |
http://www.blackberry.com/btsc/viewContent.do?externalId=KB19552 | 2017-08-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Rim Search vendor "Rim" | Blackberry Device Software Search vendor "Rim" for product "Blackberry Device Software" | 4.5.0 Search vendor "Rim" for product "Blackberry Device Software" and version "4.5.0" | - |
Affected
| ||||||
Rim Search vendor "Rim" | Blackberry Device Software Search vendor "Rim" for product "Blackberry Device Software" | 4.6 Search vendor "Rim" for product "Blackberry Device Software" and version "4.6" | - |
Affected
| ||||||
Rim Search vendor "Rim" | Blackberry Device Software Search vendor "Rim" for product "Blackberry Device Software" | 4.6.1 Search vendor "Rim" for product "Blackberry Device Software" and version "4.6.1" | - |
Affected
| ||||||
Rim Search vendor "Rim" | Blackberry Device Software Search vendor "Rim" for product "Blackberry Device Software" | 4.7 Search vendor "Rim" for product "Blackberry Device Software" and version "4.7" | - |
Affected
| ||||||
Rim Search vendor "Rim" | Blackberry Device Software Search vendor "Rim" for product "Blackberry Device Software" | 4.7.1 Search vendor "Rim" for product "Blackberry Device Software" and version "4.7.1" | - |
Affected
|