fkie_nvd - fkie_cve-2009-4028

FKIE_CVE-2009-4028

Vulnerability from fkie_nvd - Published: 2009-11-30 17:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.

References

URL	Tags
secalert@redhat.com	http://bugs.mysql.com/47320
secalert@redhat.com	http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
secalert@redhat.com	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
secalert@redhat.com	http://lists.mysql.com/commits/87446	Exploit
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
secalert@redhat.com	http://marc.info/?l=oss-security&m=125881733826437&w=2
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2009/11/19/3
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2009/11/23/16
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2010-0109.html
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/1107	Vendor Advisory
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510
af854a3a-2127-422b-91ae-364da2661108	http://bugs.mysql.com/47320
af854a3a-2127-422b-91ae-364da2661108	http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
af854a3a-2127-422b-91ae-364da2661108	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.mysql.com/commits/87446	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=oss-security&m=125881733826437&w=2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2009/11/19/3
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2009/11/23/16
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2010-0109.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1107	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510

Impacted products

Vendor	Product	Version
mysql	mysql	*
mysql	mysql	5.0.0
mysql	mysql	5.0.1
mysql	mysql	5.0.2
mysql	mysql	5.0.3
mysql	mysql	5.0.4
mysql	mysql	5.0.5
mysql	mysql	5.0.5.0.21
mysql	mysql	5.0.10
mysql	mysql	5.0.15
mysql	mysql	5.0.16
mysql	mysql	5.0.17
mysql	mysql	5.0.20
mysql	mysql	5.0.22.1.0.1
mysql	mysql	5.0.24
mysql	mysql	5.0.30
mysql	mysql	5.0.36
mysql	mysql	5.0.44
mysql	mysql	5.0.54
mysql	mysql	5.0.56
mysql	mysql	5.0.60
mysql	mysql	5.0.66
mysql	mysql	5.0.82
mysql	mysql	5.0.84
mysql	mysql	5.1.5
mysql	mysql	5.1.23
mysql	mysql	5.1.31
mysql	mysql	5.1.32
mysql	mysql	5.1.34
mysql	mysql	5.1.37
oracle	mysql	5.0.0
oracle	mysql	5.0.3
oracle	mysql	5.0.6
oracle	mysql	5.0.7
oracle	mysql	5.0.8
oracle	mysql	5.0.11
oracle	mysql	5.0.12
oracle	mysql	5.0.13
oracle	mysql	5.0.14
oracle	mysql	5.0.18
oracle	mysql	5.0.19
oracle	mysql	5.0.21
oracle	mysql	5.0.22
oracle	mysql	5.0.23
oracle	mysql	5.0.25
oracle	mysql	5.0.26
oracle	mysql	5.0.27
oracle	mysql	5.0.30
oracle	mysql	5.0.32
oracle	mysql	5.0.33
oracle	mysql	5.0.37
oracle	mysql	5.0.38
oracle	mysql	5.0.41
oracle	mysql	5.0.42
oracle	mysql	5.0.45
oracle	mysql	5.0.50
oracle	mysql	5.0.51
oracle	mysql	5.0.52
oracle	mysql	5.0.75
oracle	mysql	5.0.77
oracle	mysql	5.0.81
oracle	mysql	5.0.83
oracle	mysql	5.0.85
oracle	mysql	5.0.86
oracle	mysql	5.1
oracle	mysql	5.1.1
oracle	mysql	5.1.2
oracle	mysql	5.1.3
oracle	mysql	5.1.4
oracle	mysql	5.1.6
oracle	mysql	5.1.7
oracle	mysql	5.1.8
oracle	mysql	5.1.9
oracle	mysql	5.1.10
oracle	mysql	5.1.11
oracle	mysql	5.1.12
oracle	mysql	5.1.13
oracle	mysql	5.1.14
oracle	mysql	5.1.15
oracle	mysql	5.1.16
oracle	mysql	5.1.17
oracle	mysql	5.1.18
oracle	mysql	5.1.19
oracle	mysql	5.1.20
oracle	mysql	5.1.21
oracle	mysql	5.1.22
oracle	mysql	5.1.23
oracle	mysql	5.1.24
oracle	mysql	5.1.25
oracle	mysql	5.1.26
oracle	mysql	5.1.27
oracle	mysql	5.1.28
oracle	mysql	5.1.29
oracle	mysql	5.1.30
oracle	mysql	5.1.31
oracle	mysql	5.1.33
oracle	mysql	5.1.34
oracle	mysql	5.1.35
oracle	mysql	5.1.36
oracle	mysql	5.1.37
oracle	mysql	5.1.38
oracle	mysql	5.1.39
oracle	mysql	5.1.40
oracle	mysql	5.1.40

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "749E313A-CD07-40DA-97D6-58F53D62231B",
              "versionEndIncluding": "5.0.87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC198CDB-CAC0-41DD-9FCD-42536E7FE11A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77A2761-2B44-4061-9C29-A54F90A1AD83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B3AD851-056F-4E57-B85B-4AC5A5A20C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD24EA8C-4FCA-4F40-B2EA-7DFA49432483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "754B78F2-A03C-40BE-812B-F5E57B93D20B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "575039BD-A8B6-4459-B5F0-F220A94650EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDA03768-74D2-4C5D-ABCF-8A91F9E6C273",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "542B23CB-7535-4EF7-B926-466A5161A0D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "45E686C3-4100-465C-9F45-068580B496E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E9F09D8-6FAE-4A5B-AE04-248CD52C5FF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB618DB2-6B00-4E99-8232-937D2C51986B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "665E063D-355D-4A5A-A05F-36BF582DE36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "214E3CF9-6362-4F5A-91B7-5E69564F7144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C6CD84-EA5D-451F-AFC3-5F7094F0017D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF9271A-A816-44F6-A811-ECC1FB0993C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "F482D3D3-205C-495E-AF3A-E9C3018111F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "53853D65-F2C6-410F-9CF8-DED19B66BD4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "D927706B-565F-4152-8F86-AC85F1AA469F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C0291F7-27D9-4634-9DD3-21827C1CC5ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D54A38-E7A0-4B89-BBA5-D98D4D7FF3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7AFEB8-711B-4DED-A24E-38012F415FC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.82:*:*:*:*:*:*:*",
              "matchCriteriaId": "9369CF20-D05C-41A2-8F9E-DE259FCF9E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.0.84:*:*:*:*:*:*:*",
              "matchCriteriaId": "34DDFA0E-91D5-4B4C-8BB7-58B663D7F94F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "35BED939-3366-4CBF-B6BF-29C0C42E97F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D0F7A49-62A2-4201-B6F3-8DB9902A4480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C56D394-4CE1-4237-A681-1474B5436CC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2BFBC7B-5C23-4CDB-AE4F-721378C36B07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "F68CA8CA-2755-450A-80E2-286A571987F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mysql:mysql:5.1.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "6287E2C9-DF38-4E4E-A8E4-6AC6ADDC920D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "19001041-22C4-4D2C-A918-378DACBB1DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*",
              "matchCriteriaId": "6F610D56-6BB6-48FB-B43A-670CE9168500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1668BB5B-E7FB-4430-B8D5-89E308F5DD39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F44DA1-1509-4AC7-AB6B-2B2A834A16AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A2D6DF6-FE5D-428F-BCEB-E7832C2B4FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A56ACB60-EC2C-45AF-B923-B3A90A2F7AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "67C52D66-3BCA-4854-BF09-CB6DF1AC0E48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF54CC8D-B736-461D-B693-686E862EF969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E5EADE4-9E1B-4A1C-B3B5-ACF1287A19E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "053ACE9B-A146-42C0-ADB2-47F6119965D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B4F891-2A03-45A8-A49C-7F8B8F7D8407",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "69E62AC4-954E-476C-98BE-C138E328AE7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B88385C-F5FB-401F-80D5-5BF11CE3C19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA586E2B-A349-47C8-A17C-DA9016C6C3B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "C30CA14C-AE28-4D9A-B53D-B7C28D3BA56B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "811780EA-8805-41A6-A920-A201CCC80790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "11873AEA-5D6C-4AC0-915A-8A2869B2EFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A7753CE5-61C4-4FBC-BB60-F7D4493E76E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EDC2EB4-2C8D-4EF7-83A6-CBE6FF759DD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "5965032E-5BC0-4E69-B097-F9EE2B24C861",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "35F21A5A-F9C0-4860-80AD-1D3937483F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "B54F660F-AE43-4F3B-8935-5712CAE860A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "4413BB52-6FBD-4C12-8864-ADDC65E45B25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49F9BA-560B-40AE-9457-436830CDD371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53A8437-C61A-4203-B341-B5596569E50B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1435669-9BDA-40D4-BB30-C8AE1C3E7649",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8EBAE3C-F24D-4935-96BF-9541EC03B8F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA95EE27-389A-4068-AAC1-AD64DD6BB006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA3E354-4366-46B5-ACD2-E72D0C8320A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C002047-0FB1-4DC6-9108-B4B5AAFAC16A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "584C0690-2826-4389-95AD-42048AEE1916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.83:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CB85180-0F28-4281-BB59-E3F29BE25C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E96AD6D-3AC1-4232-B0A9-C31E1BF6B169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.0.86:*:*:*:*:*:*:*",
              "matchCriteriaId": "565E57C0-B6B9-4868-8907-B436E5D5C56F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F58612F4-1CAC-4BFC-A9B2-3D4025F428FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F49A1D-BCA3-4772-8AB3-621CCC997B3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F719DD8E-8379-43C3-97F9-DE350E457F7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "342BB65B-1358-441C-B59A-1756BCC6414A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8589B1E7-0D6D-44B4-A36E-8225C5D15828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "88FEEE64-899F-4F55-B829-641706E29E32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8597F56-BB14-480C-91CD-CAB96A9DDD8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F4C5C88-95A7-4DDA-BC2F-CAFA47B0D67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB2323C-EFE2-407A-9AE9-8717FA9F8625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6341F695-6034-4CC1-9485-ACD3A0E1A079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1DF5F19-ECD9-457F-89C6-6F0271CF4766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "446DB5E9-EF4C-4A53-911E-91A802AECA5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "5829BE6A-BC58-482B-9DA1-04FDD413A7A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C85D20DF-702B-4F0B-922D-782474A4B663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "73A09785-3CA4-4797-A836-A958DCDC322F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4DE3D79-0966-4E14-9288-7C269A2CEEC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "564F6A24-BEB3-4420-A633-8AD54C292436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "047FBCCD-DE7C-41FA-80A3-AD695C643C7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "687CC501-4CB2-4295-86F6-A5E45DEC2D0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "822A718D-AD9D-4AB9-802F-5F5C6309D809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA2D4002-FD96-462D-BA55-4624170CAA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A40FE1C-6EB0-4C75-867E-B1F8408E5A0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.23:a:*:*:*:*:*:*",
              "matchCriteriaId": "9D7B68A6-13FA-4EAE-8ED0-5940A72A3D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F37486-E91C-47C4-9F53-4CFDBF8C1EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "53A7D87C-E34C-4595-88D5-CD483B3E8CE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "28103843-D04F-4180-A71D-8DAC4E28C2F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FEAE55E-7330-4A5A-A862-8D7E7621EB95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "848D4621-AFB8-4A12-A20E-4FC9F1774DE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "5138E55E-58C1-44B5-A296-A46DF2920DF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "31B9607A-1E58-4471-BEDE-03484A1E9739",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.31:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "FD25674A-B158-4770-B269-A9A039C79A8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDCB266F-E642-4447-8B9C-A58ED4D29227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.34:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "8FF8582D-3AB5-4F16-AD52-ED5D0CE10120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB79189C-344C-4D5D-A8D8-C3852F7BCFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "63A48A7A-8DE5-4278-AD0B-4736B45DF337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.37:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F828A5AD-5EA5-4B02-8BD4-0B2A109342F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "34E9C1C2-3F7E-4447-92B8-8D4F2A623812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "25A6FDB0-A86C-4312-AB75-C2A942315DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47B75E9-46C7-45D9-86FA-CBD2B2F853BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:5.1.40:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "042A36D5-A5CE-4DAF-B0CA-2F7F6FEB2D37",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n vio_verify_callback en vio_verify_callback de MySQL v5.0.x anteriores a v5.0.88 y v5.1.x anteriores a v5.1.41, cuando utiliza OpenSSL, acepta un valor cero para la profundidad de los certificados X.509, permitiendo a atacantes de hombre en medio (man-in-the-middle) suplantar servidores MySQL de su elecci\u00f3n basados en SSL mediante un certificado creado espec\u00edficamente, como se ha demostrado por un certificado presentado por un servidor vinculado con la biblioteca yaSSL."
    }
  ],
  "id": "CVE-2009-4028",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-11-30T17:30:00.327",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://bugs.mysql.com/47320"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.mysql.com/commits/87446"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=oss-security\u0026m=125881733826437\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2009/11/19/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2009/11/23/16"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0109.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.mysql.com/47320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.mysql.com/commits/87446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=125881733826437\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2009/11/19/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2009/11/23/16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0109.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2009-4028 (GCVE-0-2009-4028)

Vulnerability from cvelistv5 – Published: 2009-11-30 17:00 – Updated: 2024-08-07 06:45

Summary

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2010-01…	vendor-advisoryx_refsource_REDHAT
	http://www.vupen.com/english/advisories/2010/1107	vdb-entryx_refsource_VUPEN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2009/11/19/3	mailing-listx_refsource_MLIST
	http://lists.mysql.com/commits/87446	mailing-listx_refsource_MLIST
	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html	x_refsource_CONFIRM
	http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html	x_refsource_CONFIRM
	http://marc.info/?l=oss-security&m=125881733826437&w=2	mailing-listx_refsource_MLIST
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://bugs.mysql.com/47320	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2009/1…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:50.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:8510",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510"
          },
          {
            "name": "RHSA-2010:0109",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0109.html"
          },
          {
            "name": "ADV-2010-1107",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1107"
          },
          {
            "name": "SUSE-SR:2010:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
          },
          {
            "name": "[oss-security] 20091119 mysql-5.1.41",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/19/3"
          },
          {
            "name": "[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.mysql.com/commits/87446"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html"
          },
          {
            "name": "[oss-security] 20091121 CVE Request - MySQL - 5.0.88",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=125881733826437\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:10940",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.mysql.com/47320"
          },
          {
            "name": "[oss-security] 20091123 Re: mysql-5.1.41",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/11/23/16"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:8510",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510"
        },
        {
          "name": "RHSA-2010:0109",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0109.html"
        },
        {
          "name": "ADV-2010-1107",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1107"
        },
        {
          "name": "SUSE-SR:2010:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
        },
        {
          "name": "[oss-security] 20091119 mysql-5.1.41",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/19/3"
        },
        {
          "name": "[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.mysql.com/commits/87446"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html"
        },
        {
          "name": "[oss-security] 20091121 CVE Request - MySQL - 5.0.88",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=125881733826437\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:10940",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.mysql.com/47320"
        },
        {
          "name": "[oss-security] 20091123 Re: mysql-5.1.41",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/11/23/16"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-4028",
    "datePublished": "2009-11-30T17:00:00",
    "dateReserved": "2009-11-20T00:00:00",
    "dateUpdated": "2024-08-07T06:45:50.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2009-4028

CVE-2009-4028 (GCVE-0-2009-4028)

Tags

Sightings

Nomenclature