Severity : High Published : 2009-08-14 Modified : 2011-10-29 Base Score : 7.5 Details : lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Product/Version : Pro 5.0   Mobilinux 5.0.24   MVL 5 Atom   CGE 5.x   Mobilinux 5.x   Pro 5.0.24   MVL 5 OMAP3   MVL 5 OMAP3530

CVE-2009-5064 CVE-2009-4895 CVE-2009-4881 CVE-2009-4880 CVE-2009-4537 CVE-2009-4410 CVE-2009-4377 CVE-2009-4355 CVE-2009-4308 CVE-2009-4307 CVE-2009-4272 CVE-2009-4141 CVE-2009-4135 CVE-2009-4134 CVE-2009-4131 CVE-2009-4029 CVE-2009-4022 CVE-2009-4021 CVE-2009-4017 CVE-2009-4005 CVE-2009-3889 CVE-2009-3767 CVE-2009-3736 CVE-2009-3726 CVE-2009-3720 CVE-2009-3639 CVE-2009-3621 CVE-2009-3620 CVE-2009-3612 CVE-2009-3563 CVE-2009-3560 CVE-2009-3559 CVE-2009-3558 CVE-2009-3557 CVE-2009-3555 CVE-2009-3550 CVE-2009-3547 CVE-2009-3490 CVE-2009-3245 CVE-2009-3238 CVE-2009-3230 CVE-2009-3228 CVE-2009-3095 CVE-2009-3094 CVE-2009-3080 CVE-2009-3002 CVE-2009-3001 CVE-2009-2910 CVE-2009-2909 CVE-2009-2908 CVE-2009-2903 CVE-2009-2849 CVE-2009-2848 CVE-2009-2847 CVE-2009-2730 CVE-2009-2563 CVE-2009-2562 CVE-2009-2560 CVE-2009-2417 CVE-2009-2412 CVE-2009-2409 CVE-2009-2042 CVE-2009-1895 CVE-2009-1891 CVE-2009-1890 CVE-2009-1632 CVE-2009-1630 CVE-2009-1574 CVE-2009-1417 CVE-2009-1389 CVE-2009-1387 CVE-2009-1386 CVE-2009-1377 CVE-2009-1337 CVE-2009-1297 CVE-2009-1269 CVE-2009-1268 CVE-2009-1267 CVE-2009-1265 CVE-2009-1252 CVE-2009-1210 CVE-2009-1196 CVE-2009-1195 CVE-2009-1194 CVE-2009-1192 CVE-2009-0949 CVE-2009-0887 CVE-2009-0859 CVE-2009-0835 CVE-2009-0834 CVE-2009-0798 CVE-2009-0791 CVE-2009-0778 CVE-2009-0316 CVE-2009-0217 CVE-2009-0163 CVE-2009-0159 CVE-2009-0028 CVE-2009-0021