Description

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.

Remediation

References

CVE-2009-2409

Related Vulnerabilities

WordPress Plugin DZS Video Gallery Multiple Cross-Site Scripting Vulnerabilities (All)

WordPress Plugin SEO Redirection-301 Redirect Manager Cross-Site Request Forgery (8.9)

WordPress Plugin Catch Gallery Security Bypass (1.6.8)

WordPress Plugin Ultimate Reviews PHP Object Injection (2.0.18)

Apache HTTP Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-41773)

Severity

Medium

Classification

CVE-2009-2409

Tags

Missing Update Known Vulnerabilities