VDB
DEBIAN-CVE-2009-2474
DEBIAN-CVE-2009-2474
PUBLISHED
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | litmus | 0, 0, 0 |
| Debian:13 | neon27 | 0, 0, 0 |
| Debian:14 | neon27 | 0, 0, 0 |
| Debian:11 | litmus | 0, 0, 0 |
| Debian:12 | litmus | 0, 0, 0 |
| Debian:11 | neon27 | 0, 0, 0 |
| Debian:13 | litmus | 0, 0, 0 |
| Debian:12 | neon27 | 0, 0, 0 |
Timeline
- Aug 21, 2009 CVE Published
- Apr 28, 2026 CVE Updated