CVE-2009-2409 (GCVE-0-2009-2409)

Vulnerability from cvelistv5 – Published: 2009-07-30 19:00 – Updated: 2024-08-07 05:52
VLAI
Summary
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://secunia.com/advisories/36139 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/36157 third-party-advisoryx_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
https://www.debian.org/security/2009/dsa-1888 vendor-advisoryx_refsource_DEBIAN
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://security.gentoo.org/glsa/glsa-200911-02.xml vendor-advisoryx_refsource_GENTOO
http://secunia.com/advisories/36434 third-party-advisoryx_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200912-01.xml vendor-advisoryx_refsource_GENTOO
http://www.securitytracker.com/id?1022631 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/42467 third-party-advisoryx_refsource_SECUNIA
https://lists.balabit.com/pipermail/syslog-ng-ann… mailing-listx_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2009-12… vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/archive/1/515055/100… mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/36669 third-party-advisoryx_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2009-14… vendor-advisoryx_refsource_REDHAT
http://www.ubuntu.com/usn/usn-810-1 vendor-advisoryx_refsource_UBUNTU
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
https://usn.ubuntu.com/810-2/ vendor-advisoryx_refsource_UBUNTU
http://java.sun.com/javase/6/webnotes/6u17.html x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
https://lists.balabit.com/pipermail/syslog-ng-ann… mailing-listx_refsource_MLIST
http://www.vupen.com/english/advisories/2010/3126 vdb-entryx_refsource_VUPEN
https://rhn.redhat.com/errata/RHSA-2010-0095.html vendor-advisoryx_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/3184 vdb-entryx_refsource_VUPEN
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://secunia.com/advisories/37386 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/2085 vdb-entryx_refsource_VUPEN
http://www.debian.org/security/2009/dsa-1874 vendor-advisoryx_refsource_DEBIAN
http://secunia.com/advisories/36739 third-party-advisoryx_refsource_SECUNIA
http://support.apple.com/kb/HT3937 x_refsource_CONFIRM
Date Public
2009-07-29 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "36139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36139"
          },
          {
            "name": "36157",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36157"
          },
          {
            "name": "MDVSA-2009:197",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
          },
          {
            "name": "MDVSA-2009:216",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
          },
          {
            "name": "DSA-1888",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2009/dsa-1888"
          },
          {
            "name": "oval:org.mitre.oval:def:8594",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594"
          },
          {
            "name": "GLSA-200911-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
          },
          {
            "name": "36434",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36434"
          },
          {
            "name": "GLSA-200912-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
          },
          {
            "name": "1022631",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022631"
          },
          {
            "name": "42467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42467"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
          },
          {
            "name": "RHSA-2009:1207",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
          },
          {
            "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
          },
          {
            "name": "36669",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36669"
          },
          {
            "name": "RHSA-2009:1432",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
          },
          {
            "name": "USN-810-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-810-1"
          },
          {
            "name": "oval:org.mitre.oval:def:10763",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763"
          },
          {
            "name": "MDVSA-2009:258",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:258"
          },
          {
            "name": "USN-810-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/810-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7155",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
          },
          {
            "name": "ADV-2010-3126",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3126"
          },
          {
            "name": "RHSA-2010:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
          },
          {
            "name": "ADV-2009-3184",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3184"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6631",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631"
          },
          {
            "name": "APPLE-SA-2009-11-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
          },
          {
            "name": "MDVSA-2010:084",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
          },
          {
            "name": "37386",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37386"
          },
          {
            "name": "ADV-2009-2085",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2085"
          },
          {
            "name": "DSA-1874",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1874"
          },
          {
            "name": "36739",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36739"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3937"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time.  NOTE: the scope of this issue is currently limited because the amount of computation required is still large."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "36139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36139"
        },
        {
          "name": "36157",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36157"
        },
        {
          "name": "MDVSA-2009:197",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
        },
        {
          "name": "MDVSA-2009:216",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
        },
        {
          "name": "DSA-1888",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2009/dsa-1888"
        },
        {
          "name": "oval:org.mitre.oval:def:8594",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594"
        },
        {
          "name": "GLSA-200911-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
        },
        {
          "name": "36434",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36434"
        },
        {
          "name": "GLSA-200912-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
        },
        {
          "name": "1022631",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022631"
        },
        {
          "name": "42467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42467"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
        },
        {
          "name": "RHSA-2009:1207",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
        },
        {
          "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
        },
        {
          "name": "36669",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36669"
        },
        {
          "name": "RHSA-2009:1432",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
        },
        {
          "name": "USN-810-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-810-1"
        },
        {
          "name": "oval:org.mitre.oval:def:10763",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763"
        },
        {
          "name": "MDVSA-2009:258",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:258"
        },
        {
          "name": "USN-810-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/810-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
        },
        {
          "name": "oval:org.mitre.oval:def:7155",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
        },
        {
          "name": "ADV-2010-3126",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3126"
        },
        {
          "name": "RHSA-2010:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
        },
        {
          "name": "ADV-2009-3184",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3184"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6631",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631"
        },
        {
          "name": "APPLE-SA-2009-11-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
        },
        {
          "name": "MDVSA-2010:084",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
        },
        {
          "name": "37386",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37386"
        },
        {
          "name": "ADV-2009-2085",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2085"
        },
        {
          "name": "DSA-1874",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1874"
        },
        {
          "name": "36739",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36739"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3937"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-2409",
    "datePublished": "2009-07-30T19:00:00.000Z",
    "dateReserved": "2009-07-09T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:52:14.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2009-2409",
      "date": "2026-05-28",
      "epss": "0.02215",
      "percentile": "0.84728"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14E6A30E-7577-4569-9309-53A0AF7FE3AC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14E6A30E-7577-4569-9309-53A0AF7FE3AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.12.2\", \"matchCriteriaId\": \"FD8D62AB-8BC8-4A00-ACDA-5D224C043129\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DDA50B0-D3D2-456D-B48A-BD5EE72B8E7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C15CFFC-5D0F-4BBB-9428-06B475274235\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"141015B2-BE49-4EE8-ABE8-E8D18DA2C9E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91423E7A-6AD0-4203-A779-E4495E889310\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FC8DF55-463F-4002-A227-05E51545EBE9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A41F970E-8918-4A30-B3E2-BDEF85FFF372\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E44BF206-EBE6-4FC6-97E8-6C2C994612AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B8DEE0E-354F-4C7A-8AE1-0F21E91829A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE0E4EB6-8389-47B8-839F-1B8D4E781A13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C4F2FFC-CAE0-480D-8FCE-E7A8923ED452\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04657D90-D5E4-4EFA-9016-1459815C0393\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74A235D9-DA84-4448-B4AB-0D2BD809B3B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CCA94E0-F5CF-4873-AD4B-ADA82967A5F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DAF7717-A813-411A-A18A-2524EB63C949\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57B8CAE7-D938-4CF4-BB75-C039CACA0968\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B48D1426-B803-4E55-996D-E397CE6A5FAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C893C67-6E8F-4C37-9DC3-52BA2D4C441C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24304AE2-ECA2-4255-B0F3-245CDBE630C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4145734-9500-4818-BA42-22691386571F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9CB9668-2D0D-4101-B895-9A792402EC4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF3CB1AC-EC26-4AC3-84F9-0A6D4B54B634\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.9.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B25E1B37-9809-4855-BE37-358F25DE6FD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9ED04A6-49B8-42DC-BF0F-868CD60473F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5D38075-BD60-4D44-99FA-3756A735BD7D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.11.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64487A7D-770E-4F71-9DCD-50336F681B7D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.11.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF9A0BAB-3B27-4E54-8881-F56FC3630EA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.11.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A79CFF5-B1D6-4B2F-9327-B6C451C47EA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"542A1310-8470-4780-8AD5-C72721BA298C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:nss:3.12.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0ACB2CAD-4C94-44B8-B61B-97CF7DA5DB26\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A4E446D-B9D3-45F2-9722-B41FA14A6C31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF4EA988-FC80-4170-8933-7C6663731981\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64F8F53B-24A1-4877-B16E-F1917C4E4E81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75D3ACD5-905F-42BB-BE1A-8382E9D823BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"766EA6F2-7FA4-4713-9859-9971CCD2FDCB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BB38AEA-BAF0-4920-9A71-747C24444770\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F33EA2B-DE15-4695-A383-7A337AC38908\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"261EE631-AB43-44FE-B02A-DFAAB8D35927\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A1365ED-4651-4AB2-A64B-43782EA2F0E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC82690C-DCED-47BA-AA93-4D0C9E95B806\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.6.3\", \"matchCriteriaId\": \"95002BAD-9C8A-4DCE-A900-7948F2FC9BCF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.0.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FBB8F2C-498D-4D31-A7D7-9991BABEA7A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.0.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8856E1B1-8007-42E5-82EF-4700D4DEEDDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.0.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9CF40D3-CE03-4C2A-8EEF-EB5989291806\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.0.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC60D4CC-922C-4941-A400-0CBEAC7F31D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.0.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"754A0D19-A17A-4007-8355-497D14CFCBF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.0.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8140DBE1-8116-4051-9A57-07535586E0AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.0.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56D2DF7F-DCDD-486D-B906-F9DDE3A1DB70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.0.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1CC840D-AD01-4EE2-8652-06742A6286BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.0.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84224A82-6D58-4000-A449-20C1632DAE85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.0.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A466931C-769A-4A28-B072-10930CE655E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.1.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FEE50AC-8730-4F04-B57C-6BDF8B957F6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.1.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10F621DC-7967-4D97-A562-02E7033C89C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.1.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"776E5481-399F-45BC-AD20-A18508B03916\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.1.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63D7F972-9128-4A4D-8508-B38CE2F155E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.1.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5D56873-E8C5-4E4B-BB85-6DCF6526B453\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.1.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54FE4766-32D0-491E-8C71-5B998C468142\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.1.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F980857-2364-466A-8366-BD017D242222\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.1.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CDCF1F0-5A78-48FF-B4B0-303AE2420F6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.1.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A2E649D-5C45-4412-927B-E3EDCE07587C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.1.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"066175C2-6E96-4BAE-B1A6-B23D25547FAC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.1.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"869D3010-67AE-44D0-BB8F-D9C410AEA1D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"052B40C1-C29B-4189-9A45-DAE873AB716D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02F71E61-7455-4E10-B9D8-2B7FDDFB10F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E05A9A1-6B7A-43FB-A9B8-41B68CA5FDCD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FB08FD9-9AB8-4015-A8BE-FD9F7EBAC6DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B588AAE0-8C3F-47C7-812F-8C97BD8795E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBB9154B-4254-4F33-8DB2-5B96E2DA4931\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64D9C191-6A57-40BB-BDD1-6B1A6BBAB51E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2EA79D1-2EA8-4040-A5B5-C93EE937945A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61D05BC3-1315-4AC7-884D-41459272C94B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.2.8.1a1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2901E522-6F54-4FA5-BF22-463A9D6B53D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.2.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"738F29DA-9741-4BA5-B370-417443A3AC2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.2.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52173492-1031-4AA4-A600-6210581059D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.2.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB636C36-2884-4F66-B68A-4494AEAF90C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"777A16E4-A1F5-48DC-9BF0-CD9F0DCF8B55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC4231BD-201D-4B10-9E35-B9EEFC714F6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C9200C3-0F46-4238-918B-38D95BF11547\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"024A9511-7CB4-4681-8429-0FE7FC34DF1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34CEF5ED-87A5-44B2-8A4A-9896957C057B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B84A4F5-CED7-4633-913F-BE8235F68616\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97564ABD-F9CE-4B3C-978A-1622DE3E4924\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DB6EC88-DCE0-439B-89CD-18229965849B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E2C89DD-CDBD-4772-A031-089F32006D80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C2FD618-91F4-48E7-B945-90CC0A367DE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65DC9555-E76F-4F8D-AE39-5160B34A87FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B61D180-9EEA-4258-9A59-7F004F2C83F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00DE1208-BDDC-405B-A34A-B58D00A279DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8EF689E-59AA-4619-ADB2-E195CFD4094A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B62AB660-5DA4-4F13-AF9E-DC53D0A18EED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22314ED6-D0CD-442E-A645-A9CCFE114AE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9E1C5B2-27BF-4328-9336-98B8828EE4BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5C952BF-A135-4B15-8A51-94D66B618469\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6ADED309-0A25-478D-B542-96217A0DD63E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC0403DE-76B1-4E24-8014-64F73DCB53DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69EA91B0-249F-41B2-8AD0-0C2AD29BE3D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F714D22-873A-4D64-8151-86BB55EFD084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E9181F9-50FF-4995-9554-022CF93376C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AED0B40F-3413-40D6-B1EF-E6354D2A91F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E99A7D8-2303-4268-8EF8-6F01A042BEDE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86C70F69-FB80-4F32-A798-71A5153E6C29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2A1E604-500E-4181-BF66-BB69C7C3F425\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C8120E3-B60F-44E4-B837-4707A9BAEDBE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84D3F16F-2C23-48E9-9F2D-1F1DF74719E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7073EAD-06C9-4309-B479-135021E82B99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"546C56AC-AFCC-47B7-A5A8-D3E3199BEA41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1895868E-E501-42C2-8450-EEED4447BAB3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2ED1FCE0-260B-4FB2-9DBD-F4D0D35639AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"199AA36A-3B23-438C-9109-CC9000372986\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD6FFF05-37B2-4D69-86AF-921591382D21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82BF8600-4E5D-4FF4-953C-F2DC726CA6CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04C40F0E-B102-4FE8-9E93-0ACFBF35226D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22802660-D33F-4683-B82F-C94AC6170A73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3623E9BE-F513-4301-BF0C-6A7F87E78E7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5DBAF08-1441-4F14-A740-E90044B77042\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CE9BB7E-DDD8-4CBF-AEC2-40D59A560BD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:1.7.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D3B6684-3890-4B60-BE67-D06045A86B3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81C6C982-21D5-4FE3-A342-FC45BD78D2F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A69E3A01-D8C6-4C36-8C4E-52B96541D5B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9D61596-01EB-4936-923B-63537625F926\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"599EB59C-7717-47A8-84C6-78B6D79AEB02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A6CBB77-818D-4DFF-9DD9-07EBF9933B06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26E9005E-5034-43F2-B96E-7829E19FE3A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FA854EA-29FE-4B91-AEA3-ED649D7FD25A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DC3A5EE-2892-4548-A0CB-D3289CD64D63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83F22BF4-A738-438B-8D0B-6993640F0D31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D3193B7-8FB9-45E4-BFF6-891A3F14F021\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AF269AE-121B-4982-A765-5C7E806FA9FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1C9F604-7FBE-4759-B039-8F5894574203\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"191821CD-E4CB-4269-B04C-284A9F9783B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2A71474-958D-4689-A652-3E2A731F47FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38169043-17DF-4CF9-963A-8770B8882357\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4537676-A72E-4433-B44F-3664EDD6F240\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D090B10-68F2-424D-8234-2A280AA96B59\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23168B77-645D-4A2A-A6E3-7001104064A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D085B16-3116-423F-BDE0-2D93E12650A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C59247E9-CDAE-4269-A8E4-F49F617CDD23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6019C0C-E9DD-4831-8E6A-785AE1A930FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F9CF15-8789-49B6-BB6D-B784C8FF20ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C51E0C88-B19C-408D-AC17-10CE7462D48A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AC41482-B3BC-4C93-A850-73A179BAB763\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADC80BE1-28A6-4348-A061-8FD9C805E945\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D8EF703-AE06-4DD7-9235-2D8CCDB24F96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8201FF6-53A8-4850-A2B2-47AA65B2CB75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFB33002-E5C6-4573-BC94-647DDE4E6F89\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D7D245A-D983-40AD-89A7-0EA00D38D570\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7223691-225D-4649-B410-F41D2C489BA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA9E7F22-5BC4-4AD5-A630-25947CC1E5B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6B3DBF9-52EB-4741-85E4-E68645BD81E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"350A6845-77D6-4D63-A13C-5DAB55F98727\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A456D12-C43A-47B0-AC0D-BF02AEBA0828\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B5E7C27-A5D9-4ABD-AFC5-5367083F387F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time.  NOTE: the scope of this issue is currently limited because the amount of computation required is still large.\"}, {\"lang\": \"es\", \"value\": \"La librer\\u00eda Network Security Services (NSS) en versiones anteriores a 3.12.3, como se utiliza en Firefox; GnuTLS en versiones anteriores a 2.6.4 y 2.7.4; OpenSSL 0.9.8 hasta la versi\\u00f3n 0.9.8k; y otros productos que soportan MD2 con certificados X.509, lo que podr\\u00edan permitir a atacantes remotos falsificar certificados usando defectos de dise\\u00f1o de MD2 para generar una colisi\\u00f3n de hash en menos que tiempo que con fuerza bruta. NOTA: el alcance de este problema est\\u00e1 actualmente limitado porque la cantidad de computaci\\u00f3n requerida es todav\\u00eda grande.\"}]",
      "id": "CVE-2009-2409",
      "lastModified": "2024-11-21T01:04:48.300",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-07-30T19:30:00.343",
      "references": "[{\"url\": \"http://java.sun.com/j2se/1.5.0/ReleaseNotes.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://java.sun.com/javase/6/webnotes/6u17.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36139\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36157\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36434\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36669\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/36739\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/37386\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/42467\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200911-02.xml\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200912-01.xml\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://support.apple.com/kb/HT3937\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2009/dsa-1874\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2009:197\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2009:216\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2009:258\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-1207.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-1432.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/515055/100/0/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id?1022631\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-810-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2010-0019.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/2085\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/3184\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/3126\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0095.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://usn.ubuntu.com/810-2/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://www.debian.org/security/2009/dsa-1888\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://java.sun.com/j2se/1.5.0/ReleaseNotes.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://java.sun.com/javase/6/webnotes/6u17.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36139\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36157\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36434\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/36669\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/36739\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/37386\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/42467\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200911-02.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200912-01.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT3937\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2009/dsa-1874\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2009:197\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2009:216\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2009:258\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-1207.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2009-1432.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/515055/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1022631\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-810-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2010-0019.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/2085\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/3184\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/3126\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://rhn.redhat.com/errata/RHSA-2010-0095.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/810-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2009/dsa-1888\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-310\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-2409\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2009-07-30T19:30:00.343\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time.  NOTE: the scope of this issue is currently limited because the amount of computation required is still large.\"},{\"lang\":\"es\",\"value\":\"La librer\u00eda Network Security Services (NSS) en versiones anteriores a 3.12.3, como se utiliza en Firefox; GnuTLS en versiones anteriores a 2.6.4 y 2.7.4; OpenSSL 0.9.8 hasta la versi\u00f3n 0.9.8k; y otros productos que soportan MD2 con certificados X.509, lo que podr\u00edan permitir a atacantes remotos falsificar certificados usando defectos de dise\u00f1o de MD2 para generar una colisi\u00f3n de hash en menos que tiempo que con fuerza bruta. NOTA: el alcance de este problema est\u00e1 actualmente limitado porque la cantidad de computaci\u00f3n requerida es todav\u00eda grande.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.4\",\"matchCriteriaId\":\"3306EB88-CE4C-4D5E-BE35-53DE6DEC5C3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.7.4\",\"matchCriteriaId\":\"66221847-4F1D-4F26-8916-731BDFE5B3A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.12.3\",\"matchCriteriaId\":\"A21F310D-7D9F-45D7-974D-C615F99FBEB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.9.8\",\"versionEndIncluding\":\"0.9.8k\",\"matchCriteriaId\":\"06458D9A-4AB2-4B8A-8902-D2A285801347\"}]}]}],\"references\":[{\"url\":\"http://java.sun.com/j2se/1.5.0/ReleaseNotes.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://java.sun.com/javase/6/webnotes/6u17.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36139\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36157\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36434\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36669\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/36739\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/37386\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/42467\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200911-02.xml\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200912-01.xml\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3937\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1874\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:197\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:216\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:258\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1207.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1432.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/515055/100/0/threaded\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securitytracker.com/id?1022631\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-810-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2010-0019.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2085\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3184\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/3126\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0095.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/810-2/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.debian.org/security/2009/dsa-1888\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://java.sun.com/j2se/1.5.0/ReleaseNotes.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://java.sun.com/javase/6/webnotes/6u17.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36139\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36157\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36434\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/36669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/36739\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/37386\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/42467\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200911-02.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200912-01.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3937\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1874\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:197\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:258\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1207.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1432.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/515055/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securitytracker.com/id?1022631\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-810-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2010-0019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2085\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3184\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/3126\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0095.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/810-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.debian.org/security/2009/dsa-1888\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.