CVE-2009-2973 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-2973 PUBLISHED CVSS 6.400000095367432 MEDIUM

Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409.

EPSS 0.12% · 30.3th percentile

Risk Scores

CVSS v2.0

6.400000095367432

EPSS Score

0.12%

30.3th percentile

Affected Products

Vendor	Product	Versions
google	chrome	2.0.172.33, 0, 0.2.149.27
n/a	n/a	n/a

Timeline

Aug 27, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

ADV-2009-2420 vdb
36417 third-party-advisory
http://code.google.com/p/chromium/issues/detail?id=18725 url
http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html url
google-chrome-algorithm-spoofing(52903) vdb
https://nvd.nist.gov/vuln/detail/CVE-2009-2973 advisory

Open in Interactive Console →