CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-3490

GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.016

EPSS Ranking 80.8%

CVSS Severity

CVSS v2 Score 6.8

References

Products affected by CVE-2009-3490

Gnu » Wget » Version: N/A

cpe:2.3:a:gnu:wget:-
Gnu » Wget » Version: 1.10

cpe:2.3:a:gnu:wget:1.10
Gnu » Wget » Version: 1.10.1

cpe:2.3:a:gnu:wget:1.10.1
Gnu » Wget » Version: 1.10.2

cpe:2.3:a:gnu:wget:1.10.2
Gnu » Wget » Version: 1.11

cpe:2.3:a:gnu:wget:1.11
Gnu » Wget » Version: 1.11.1

cpe:2.3:a:gnu:wget:1.11.1
Gnu » Wget » Version: 1.11.2

cpe:2.3:a:gnu:wget:1.11.2
Gnu » Wget » Version: 1.11.3

cpe:2.3:a:gnu:wget:1.11.3
Gnu » Wget » Version: 1.11.4

cpe:2.3:a:gnu:wget:1.11.4
Gnu » Wget » Version: 1.4.0

cpe:2.3:a:gnu:wget:1.4.0
Gnu » Wget » Version: 1.4.1

cpe:2.3:a:gnu:wget:1.4.1
Gnu » Wget » Version: 1.4.2

cpe:2.3:a:gnu:wget:1.4.2
Gnu » Wget » Version: 1.4.3

cpe:2.3:a:gnu:wget:1.4.3
Gnu » Wget » Version: 1.5.0

cpe:2.3:a:gnu:wget:1.5.0
Gnu » Wget » Version: 1.5.3

cpe:2.3:a:gnu:wget:1.5.3
Gnu » Wget » Version: 1.6

cpe:2.3:a:gnu:wget:1.6
Gnu » Wget » Version: 1.7

cpe:2.3:a:gnu:wget:1.7
Gnu » Wget » Version: 1.7.1

cpe:2.3:a:gnu:wget:1.7.1
Gnu » Wget » Version: 1.8

cpe:2.3:a:gnu:wget:1.8
Gnu » Wget » Version: 1.8.1

cpe:2.3:a:gnu:wget:1.8.1
Gnu » Wget » Version: 1.8.2

cpe:2.3:a:gnu:wget:1.8.2
Gnu » Wget » Version: 1.9

cpe:2.3:a:gnu:wget:1.9
Gnu » Wget » Version: 1.9.1

cpe:2.3:a:gnu:wget:1.9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-3490

Products

Pricing

Contact Us