What is the severity of CVE-2009-3490?

CVE-2009-3490 has been classified as a critical severity vulnerability due to its potential to bypass SSL certificate verification.

How do I fix CVE-2009-3490?

To mitigate CVE-2009-3490, upgrade to a version of GNU Wget that is greater than 1.11.4, which addresses this vulnerability.

Who is affected by CVE-2009-3490?

CVE-2009-3490 affects multiple versions of GNU Wget, notably versions ranging from 1.5.3 up to 1.11.4.

What can attackers achieve by exploiting CVE-2009-3490?

Attackers can exploit CVE-2009-3490 to perform man-in-the-middle attacks by misleading users about the authenticity of SSL certificates.

When was CVE-2009-3490 disclosed?

CVE-2009-3490 was disclosed during the Black Hat USA conference in 2009.

Vulnerability/
CVE-2009-3490

medium

6.8

CWE

310

31/8/2009

30/9/2009

7/8/2024

CVE-2009-3490

First published: Mon Aug 31 2009(Updated: )

A method to bypass SSL certificate name vs. host name verification via NUL ('\0') character embedded in X509 certificate's CommonName or subjectAltName was presented at Black Hat USA 2009: <a href="http://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike">http://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike</a> Similar problem affected wget (from a testing and very quick look at the code, subjectAltNames are not supported, hence only CommonName is a vector). Upstream bug report: <a href="http://savannah.gnu.org/bugs/?27183">http://savannah.gnu.org/bugs/?27183</a> (currently not public) Contents of upstream bug report, leaked via wget-notify list: <a href="http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html">http://addictivecode.org/pipermail/wget-notify/2009-August/001808.html</a> Upstream fixes: <a href="http://hg.addictivecode.org/wget/mainline/rev/2d8c76a23e7d">http://hg.addictivecode.org/wget/mainline/rev/2d8c76a23e7d</a> <a href="http://hg.addictivecode.org/wget/mainline/rev/f2d2ca32fd1b">http://hg.addictivecode.org/wget/mainline/rev/f2d2ca32fd1b</a> <a href="http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7">http://hg.addictivecode.org/wget/mainline/rev/1eab157d3be7</a>

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Wget	<=1.11.4
Wget	=1.5.3
Wget	=1.6
Wget	=1.7
Wget	=1.7.1
Wget	=1.8
Wget	=1.8.1
Wget	=1.9
Wget	=1.9.1
Wget	=1.10
Wget	=1.10.1
Wget	=1.10.2
Wget	=1.11
Wget	=1.11.1
Wget	=1.11.2
Wget	=1.11.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-3490?
CVE-2009-3490 has been classified as a critical severity vulnerability due to its potential to bypass SSL certificate verification.
How do I fix CVE-2009-3490?
To mitigate CVE-2009-3490, upgrade to a version of GNU Wget that is greater than 1.11.4, which addresses this vulnerability.
Who is affected by CVE-2009-3490?
CVE-2009-3490 affects multiple versions of GNU Wget, notably versions ranging from 1.5.3 up to 1.11.4.
What can attackers achieve by exploiting CVE-2009-3490?
Attackers can exploit CVE-2009-3490 to perform man-in-the-middle attacks by misleading users about the authenticity of SSL certificates.
When was CVE-2009-3490 disclosed?
CVE-2009-3490 was disclosed during the Black Hat USA conference in 2009.

agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/references
agent/weakness
agent/author
agent/description
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2009-3490
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/gnu
canonical/wget
version/wget/1.11.4
version/wget/1.5.3
version/wget/1.6
version/wget/1.7
version/wget/1.7.1
version/wget/1.8
version/wget/1.8.1
version/wget/1.9
version/wget/1.9.1
version/wget/1.10
version/wget/1.10.1
version/wget/1.10.2
version/wget/1.11
version/wget/1.11.1
version/wget/1.11.2
version/wget/1.11.3