Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Stafford.Uklinux libESMTP证书处理中间人攻击漏洞
Vulnerability Description
libesmtp是一款SMTP库,balsa邮件客户端使用了这个库。 libESMTP中的证书处理存在中间人攻击漏洞。libESMTP没有正确处理X.509证书的主题的通用名称(CN)中域名中的“\0”字符,远程中间人攻击者可以通过特制的合法CA颁发的证书进行中间人攻击,欺骗任意SSL服务器。
CVSS Information
N/A
Vulnerability Type
N/A