Unrated severityNVD Advisory· Published Sep 30, 2009· Updated Apr 23, 2026
CVE-2009-3490
CVE-2009-3490
Description
GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Affected products
16cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*range: <=1.11.4
- cpe:2.3:a:gnu:wget:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:wget:1.11.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- secunia.com/advisories/36540nvdVendor Advisory
- www.vupen.com/english/advisories/2009/2498nvdVendor Advisory
- addictivecode.org/pipermail/wget-notify/2009-August/001808.htmlnvd
- hg.addictivecode.org/wget/mainline/rev/1eab157d3be7nvd
- kb.juniper.net/InfoCenter/indexnvd
- marc.infonvd
- marc.infonvd
- permalink.gmane.org/gmane.comp.web.wget.general/8972nvd
- www.securityfocus.com/bid/36205nvd
- bugzilla.redhat.com/show_bug.cginvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11099nvd
News mentions
0No linked articles in our index yet.