Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Martin Lambers mpop X.509证书加密问题漏洞
Vulnerability Description
当OpenSSL被使用时,Martin Lambers mpop 1.0.19之前版本没有在X.509证书的(1)对象的一般名称或(2)对象的替代名称中的域名中正确的处理'\0'字符,这使得中间人攻击者可以借助一个特制的由合法的证书颁发机构颁发的证书,欺骗任意的SSL服务器。此漏洞与CVE-2009-2408有关。
CVSS Information
N/A
Vulnerability Type
N/A