Summary
This host is running OpenSSL/GnuTLS and is prone to an SSL server spoofing vulnerability.
Impact
Successful exploitation will let the attacker spoof the SSL certificate and gain unauthorized access.
Solution
Upgrade to OpenSSL 1.0.0 or later and GnuTLS 2.6.4 or 2.7.4 or later.
http://www.openssl.org/
http://www.gnu.org/software/gnutls/
Insight
The NSS library used in these applications supports MD2 with X.509 certificates, which allows certificates to be spoofed using MD2 hash collision design flaws.
Affected
OpenSSL versions 0.9.8 through 0.9.8k
GnuTLS versions before 2.6.4 and before 2.7.4 on Windows
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-2409
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P