Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-2511 | First vendor Publication | 2009-10-14 |
Vendor | Cve | Last vendor Modification | 2023-12-07 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2511 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6186 | |||
Oval ID: | oval:org.mitre.oval:def:6186 | ||
Title: | Integer Overflow in X.509 Object Identifiers Vulnerability | ||
Description: | Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2511 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft ASN.1 Library |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-14 | Name : Microsoft Windows CryptoAPI X.509 Spoofing Vulnerabilities (974571) File : nvt/secpod_ms09-056.nasl |
2009-10-06 | Name : Microsoft IE CA SSL Certificate Security Bypass Vulnerability - Oct09 File : nvt/gb_ms_ie_ssl_certi_sec_bypass_vuln_oct09.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
58856 | Microsoft Windows CryptoAPI X.509 Certificate Object Identifier Handling Over... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-10-15 | IAVM : 2009-A-0095 - Multiple Vulnerabilities in Microsoft Windows CryptoAPI Severity : Category I - VMSKEY : V0021760 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows CryptoAPI common name spoofing attempt RuleID : 24490 - Revision : 4 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows CryptoAPI common name spoofing attempt RuleID : 24489 - Revision : 4 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows CryptoAPI common name spoofing attempt RuleID : 24488 - Revision : 4 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows CryptoAPI ASN.1 integer overflow attempt RuleID : 16181 - Revision : 10 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-12-01 | Name : A client application installed on the remote Windows host is affected by a ma... File : citrix_ica_client_ssl_mitm.nasl - Type : ACT_GATHER_INFO |
2009-10-13 | Name : Certain identity validation methods may be bypassed allowing impersonation. File : smb_nt_ms09-056.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2023-12-07 21:28:05 |
|
2021-05-04 12:09:50 |
|
2021-04-22 01:10:11 |
|
2020-05-23 00:24:03 |
|
2019-02-26 17:19:32 |
|
2018-10-31 00:19:57 |
|
2018-10-13 00:22:50 |
|
2017-09-19 09:23:18 |
|
2016-08-31 12:01:50 |
|
2016-08-05 12:02:10 |
|
2016-06-28 17:46:14 |
|
2016-04-26 18:58:52 |
|
2014-02-17 10:50:51 |
|
2014-01-19 21:26:02 |
|
2013-11-11 12:38:22 |
|
2013-05-10 23:54:13 |
|