CVE-2009-2409
Detail
Deferred This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.
Description
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Metrics
CVSS Version 4.0
CVSS Version 3.x
CVSS Version 2.0
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 3.x Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 2.0 Severity and Vector Strings:
Vector:
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected]
URL
Source(s)
Tag(s)
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
CVE, Inc., Red Hat
Patch
http://java.sun.com/javase/6/webnotes/6u17.html
CVE, Inc., Red Hat
Release Notes
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/36139
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/36157
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/36434
CVE, Inc., Red Hat
Vendor Advisory
http://secunia.com/advisories/36669
CVE, Inc., Red Hat
Not Applicable
http://secunia.com/advisories/36739
CVE, Inc., Red Hat
Not Applicable
http://secunia.com/advisories/37386
CVE, Inc., Red Hat
Not Applicable
http://secunia.com/advisories/42467
CVE, Inc., Red Hat
Not Applicable
http://security.gentoo.org/glsa/glsa-200911-02.xml
CVE, Inc., Red Hat
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200912-01.xml
CVE, Inc., Red Hat
Third Party Advisory
http://support.apple.com/kb/HT3937
CVE, Inc., Red Hat
Broken Link
http://www.debian.org/security/2009/dsa-1874
CVE, Inc., Red Hat
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2009:197
CVE, Inc., Red Hat
Not Applicable
http://www.mandriva.com/security/advisories?name=MDVSA-2009:216
CVE, Inc., Red Hat
Not Applicable
http://www.mandriva.com/security/advisories?name=MDVSA-2009:258
CVE, Inc., Red Hat
Not Applicable
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
CVE, Inc., Red Hat
Not Applicable
http://www.redhat.com/support/errata/RHSA-2009-1207.html
CVE, Inc., Red Hat
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1432.html
CVE, Inc., Red Hat
Third Party Advisory
http://www.securityfocus.com/archive/1/515055/100/0/threaded
CVE, Inc., Red Hat
Broken Link
http://www.securitytracker.com/id?1022631
CVE, Inc., Red Hat
Broken Link
http://www.ubuntu.com/usn/usn-810-1
CVE, Inc., Red Hat
Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0019.html
CVE, Inc., Red Hat
Third Party Advisory
http://www.vupen.com/english/advisories/2009/2085
CVE, Inc., Red Hat
Vendor Advisory
http://www.vupen.com/english/advisories/2009/3184
CVE, Inc., Red Hat
Vendor Advisory
http://www.vupen.com/english/advisories/2010/3126
CVE, Inc., Red Hat
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409
CVE, Inc., Red Hat
Third Party Advisory
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
CVE, Inc., Red Hat
Third Party Advisory
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
CVE, Inc., Red Hat
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763
CVE, Inc., Red Hat
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631
CVE, Inc., Red Hat
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155
CVE, Inc., Red Hat
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594
CVE, Inc., Red Hat
Broken Link
https://rhn.redhat.com/errata/RHSA-2010-0095.html
CVE, Inc., Red Hat
Third Party Advisory
https://usn.ubuntu.com/810-2/
CVE, Inc., Red Hat
Broken Link
https://www.debian.org/security/2009/dsa-1888
CVE, Inc., Red Hat
Mailing List
Third Party Advisory
Weakness Enumeration
CWE-ID
CWE Name
Source
CWE-295
Improper Certificate Validation
NIST  
Change History
10 change records found show changes
Modified Analysis by NIST 3/27/2025 10:01:31 AM
Action
Type
Old Value
New Value
Added
CWE
CWE-295
Removed
CWE
CWE-310
Added
CPE Configuration
OR
*cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:* versions up to (excluding) 3.12.3
*cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.4
*cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* versions from (including) 2.7.0 up to (excluding) 2.7.4
*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 0.9.8 up to (including) 0.9.8k
Removed
CPE Configuration
AND
OR
*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
OR
*cpe:2.3:a:mozilla:nss:3.4.3:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.6.1:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.12:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.3.1:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.11.2:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.4:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.9:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.7.7:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.11.8:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.7.5:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.7:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.3.2:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.6:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.5:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.4.2:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.4.1:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.10:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.9.5:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.8:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.7.3:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.3:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.7.2:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.2:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.7.1:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.11.4:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.2.1:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.0:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:* versions up to (including) 3.12.2
*cpe:2.3:a:mozilla:nss:3.11.7:*:*:*:*:*:*:*
*cpe:2.3:a:mozilla:nss:3.12.1:*:*:*:*:*:*:*
Removed
CPE Configuration
Record truncated, showing 2048 of 6154 characters. View Entire Change Record OR
*cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:* versions up to (including) 2.6.3
*cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*
*cpe:2.3:a:gnu:gnu
Removed
CPE Configuration
OR
*cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
*cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
*cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
*cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
*cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
*cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
*cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
*cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
*cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
*cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
*cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
*cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
Changed
Reference Type
CVE: http://secunia.com/advisories/36739 Types: Vendor Advisory
CVE: http://secunia.com/advisories/36739 Types: Not Applicable
Changed
Reference Type
CVE: http://secunia.com/advisories/37386 Types: Vendor Advisory
CVE: http://secunia.com/advisories/37386 Types: Not Applicable
Changed
Reference Type
CVE: http://secunia.com/advisories/42467 Types: Vendor Advisory
CVE: http://secunia.com/advisories/42467 Types: Not Applicable
Changed
Reference Type
Red Hat, Inc.: http://secunia.com/advisories/36739 Types: Vendor Advisory
Red Hat, Inc.: http://secunia.com/advisories/36739 Types: Not Applicable
Changed
Reference Type
Red Hat, Inc.: http://secunia.com/advisories/37386 Types: Vendor Advisory
Red Hat, Inc.: http://secunia.com/advisories/37386 Types: Not Applicable
Changed
Reference Type
Red Hat, Inc.: http://secunia.com/advisories/42467 Types: Vendor Advisory
Red Hat, Inc.: http://secunia.com/advisories/42467 Types: Not Applicable
Added
Reference Type
CVE: http://java.sun.com/javase/6/webnotes/6u17.html Types: Release Notes
Added
Reference Type
CVE: http://secunia.com/advisories/36669 Types: Not Applicable
Added
Reference Type
CVE: http://security.gentoo.org/glsa/glsa-200911-02.xml Types: Third Party Advisory
Added
Reference Type
CVE: http://security.gentoo.org/glsa/glsa-200912-01.xml Types: Third Party Advisory
Added
Reference Type
CVE: http://support.apple.com/kb/HT3937 Types: Broken Link
Added
Reference Type
CVE: http://www.debian.org/security/2009/dsa-1874 Types: Mailing List
Added
Reference Type
CVE: http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 Types: Not Applicable
Added
Reference Type
CVE: http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 Types: Not Applicable
Added
Reference Type
CVE: http://www.mandriva.com/security/advisories?name=MDVSA-2009:258 Types: Not Applicable
Added
Reference Type
CVE: http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 Types: Not Applicable
Added
Reference Type
CVE: http://www.redhat.com/support/errata/RHSA-2009-1207.html Types: Third Party Advisory
Added
Reference Type
CVE: http://www.redhat.com/support/errata/RHSA-2009-1432.html Types: Third Party Advisory
Added
Reference Type
CVE: http://www.securityfocus.com/archive/1/515055/100/0/threaded Types: Broken Link
Added
Reference Type
CVE: http://www.securitytracker.com/id?1022631 Types: Broken Link
Added
Reference Type
CVE: http://www.ubuntu.com/usn/usn-810-1 Types: Third Party Advisory
Added
Reference Type
CVE: http://www.vmware.com/security/advisories/VMSA-2010-0019.html Types: Third Party Advisory
Added
Reference Type
CVE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409 Types: Third Party Advisory
Added
Reference Type
CVE: https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html Types: Third Party Advisory
Added
Reference Type
CVE: https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html Types: Third Party Advisory
Added
Reference Type
CVE: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763 Types: Broken Link
Added
Reference Type
CVE: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631 Types: Broken Link
Added
Reference Type
CVE: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155 Types: Broken Link
Added
Reference Type
CVE: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594 Types: Broken Link
Added
Reference Type
CVE: https://rhn.redhat.com/errata/RHSA-2010-0095.html Types: Third Party Advisory
Added
Reference Type
CVE: https://usn.ubuntu.com/810-2/ Types: Broken Link
Added
Reference Type
CVE: https://www.debian.org/security/2009/dsa-1888 Types: Mailing List, Third Party Advisory
Added
Reference Type
Red Hat, Inc.: http://java.sun.com/javase/6/webnotes/6u17.html Types: Release Notes
Added
Reference Type
Red Hat, Inc.: http://secunia.com/advisories/36669 Types: Not Applicable
Added
Reference Type
Red Hat, Inc.: http://security.gentoo.org/glsa/glsa-200911-02.xml Types: Third Party Advisory
Added
Reference Type
Red Hat, Inc.: http://security.gentoo.org/glsa/glsa-200912-01.xml Types: Third Party Advisory
Added
Reference Type
Red Hat, Inc.: http://support.apple.com/kb/HT3937 Types: Broken Link
Added
Reference Type
Red Hat, Inc.: http://www.debian.org/security/2009/dsa-1874 Types: Mailing List
Added
Reference Type
Red Hat, Inc.: http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 Types: Not Applicable
Added
Reference Type
Red Hat, Inc.: http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 Types: Not Applicable
Added
Reference Type
Red Hat, Inc.: http://www.mandriva.com/security/advisories?name=MDVSA-2009:258 Types: Not Applicable
Added
Reference Type
Red Hat, Inc.: http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 Types: Not Applicable
Added
Reference Type
Red Hat, Inc.: http://www.redhat.com/support/errata/RHSA-2009-1207.html Types: Third Party Advisory
Added
Reference Type
Red Hat, Inc.: http://www.redhat.com/support/errata/RHSA-2009-1432.html Types: Third Party Advisory
Added
Reference Type
Red Hat, Inc.: http://www.securityfocus.com/archive/1/515055/100/0/threaded Types: Broken Link
Added
Reference Type
Red Hat, Inc.: http://www.securitytracker.com/id?1022631 Types: Broken Link
Added
Reference Type
Red Hat, Inc.: http://www.ubuntu.com/usn/usn-810-1 Types: Third Party Advisory
Added
Reference Type
Red Hat, Inc.: http://www.vmware.com/security/advisories/VMSA-2010-0019.html Types: Third Party Advisory
Added
Reference Type
Red Hat, Inc.: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409 Types: Third Party Advisory
Added
Reference Type
Red Hat, Inc.: https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html Types: Third Party Advisory
Added
Reference Type
Red Hat, Inc.: https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html Types: Third Party Advisory
Added
Reference Type
Red Hat, Inc.: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763 Types: Broken Link
Added
Reference Type
Red Hat, Inc.: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631 Types: Broken Link
Added
Reference Type
Red Hat, Inc.: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155 Types: Broken Link
Added
Reference Type
Red Hat, Inc.: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594 Types: Broken Link
Added
Reference Type
Red Hat, Inc.: https://rhn.redhat.com/errata/RHSA-2010-0095.html Types: Third Party Advisory
Added
Reference Type
Red Hat, Inc.: https://usn.ubuntu.com/810-2/ Types: Broken Link
Added
Reference Type
Red Hat, Inc.: https://www.debian.org/security/2009/dsa-1888 Types: Mailing List, Third Party Advisory
CVE Modified by CVE 11/20/2024 8:04:48 PM
Action
Type
Old Value
New Value
Added
Reference
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
Added
Reference
http://java.sun.com/javase/6/webnotes/6u17.html
Added
Reference
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Added
Reference
http://secunia.com/advisories/36139
Added
Reference
http://secunia.com/advisories/36157
Added
Reference
http://secunia.com/advisories/36434
Added
Reference
http://secunia.com/advisories/36669
Added
Reference
http://secunia.com/advisories/36739
Added
Reference
http://secunia.com/advisories/37386
Added
Reference
http://secunia.com/advisories/42467
Added
Reference
http://security.gentoo.org/glsa/glsa-200911-02.xml
Added
Reference
http://security.gentoo.org/glsa/glsa-200912-01.xml
Added
Reference
http://support.apple.com/kb/HT3937
Added
Reference
http://www.debian.org/security/2009/dsa-1874
Added
Reference
http://www.mandriva.com/security/advisories?name=MDVSA-2009:197
Added
Reference
http://www.mandriva.com/security/advisories?name=MDVSA-2009:216
Added
Reference
http://www.mandriva.com/security/advisories?name=MDVSA-2009:258
Added
Reference
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
Added
Reference
http://www.redhat.com/support/errata/RHSA-2009-1207.html
Added
Reference
http://www.redhat.com/support/errata/RHSA-2009-1432.html
Added
Reference
http://www.securityfocus.com/archive/1/515055/100/0/threaded
Added
Reference
http://www.securitytracker.com/id?1022631
Added
Reference
http://www.ubuntu.com/usn/usn-810-1
Added
Reference
http://www.vmware.com/security/advisories/VMSA-2010-0019.html
Added
Reference
http://www.vupen.com/english/advisories/2009/2085
Added
Reference
http://www.vupen.com/english/advisories/2009/3184
Added
Reference
http://www.vupen.com/english/advisories/2010/3126
Added
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409
Added
Reference
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
Added
Reference
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594
Added
Reference
https://rhn.redhat.com/errata/RHSA-2010-0095.html
Added
Reference
https://usn.ubuntu.com/810-2/
Added
Reference
https://www.debian.org/security/2009/dsa-1888
CVE Modified by Red Hat, Inc. 5/13/2024 10:08:19 PM
Action
Type
Old Value
New Value
CVE Modified by Red Hat, Inc. 11/06/2023 9:04:07 PM
Action
Type
Old Value
New Value
Changed
Description
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
CVE Modified by Red Hat, Inc. 2/12/2023 9:20:18 PM
Action
Type
Old Value
New Value
Changed
Description
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
CVE Modified by Red Hat, Inc. 10/10/2018 3:40:05 PM
Action
Type
Old Value
New Value
Added
Reference
http://www.securityfocus.com/archive/1/515055/100/0/threaded [No Types Assigned]
Removed
Reference
http://www.securityfocus.com/archive/1/archive/1/515055/100/0/threaded [No Types Assigned]
CVE Modified by Red Hat, Inc. 10/03/2018 6:00:48 PM
Action
Type
Old Value
New Value
Added
Reference
https://usn.ubuntu.com/810-2/ [No Types Assigned]
Removed
Reference
http://www.ubuntulinux.org/support/documentation/usn/usn-810-2 [No Types Assigned]
CVE Modified by Red Hat, Inc. 9/18/2017 9:29:06 PM
Action
Type
Old Value
New Value
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763 [No Types Assigned]
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631 [No Types Assigned]
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155 [No Types Assigned]
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594 [No Types Assigned]
Removed
Reference
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10763 [No Types Assigned]
Removed
Reference
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6631 [No Types Assigned]
Removed
Reference
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7155 [No Types Assigned]
Removed
Reference
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8594 [No Types Assigned]
CVE Modified by Red Hat, Inc. 12/07/2016 10:01:21 PM
Action
Type
Old Value
New Value
Added
Reference
https://www.debian.org/security/2009/dsa-1888 [No Types Assigned]
Removed
Reference
http://lists.debian.org/debian-security-announce/2009/msg00209.html [No Types Assigned]
Initial CVE Analysis 7/31/2009 8:59:00 AM
Action
Type
Old Value
New Value
Quick Info
CVE Dictionary Entry: CVE-2009-2409 NVD
Published Date: 07/30/2009 NVD
Last Modified: 04/08/2025
Source: Red Hat, Inc.
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
