{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-11-16T19:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://mpop.sourceforge.net/news.html"}, {"name": "37312", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37312"}, {"name": "ADV-2009-3225", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3225"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3941", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://mpop.sourceforge.net/news.html", "refsource": "CONFIRM", "url": "http://mpop.sourceforge.net/news.html"}, {"name": "37312", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37312"}, {"name": "ADV-2009-3225", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3225"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:45:50.505Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://mpop.sourceforge.net/news.html"}, {"name": "37312", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37312"}, {"name": "ADV-2009-3225", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3225"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3941", "datePublished": "2009-11-16T19:00:00.000Z", "dateReserved": "2009-11-16T00:00:00.000Z", "dateUpdated": "2024-09-17T00:51:11.160Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:martin_lambers:mpop:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A334487-BFC7-4BD3-A41C-B4A7A03FD688", "versionEndIncluding": "1.0.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F3D33CFC-B3AD-447D-9ED7-B9EB56F37963", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C1101564-6C93-4116-8286-423ECF1CE1F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "52F89E31-4C4F-4596-8BDB-DD6AA202A66B", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "13B423FE-A656-4E05-8E56-ADA3BB25055C", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "A4533F4B-B737-4AE8-8BE4-52F18AC81CF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "73161FA8-6BDB-480A-959A-FE75A0A094A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D831D74-1D1A-43BF-989C-CA2541B34F2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA886F91-162A-4272-A854-E4C2ABA1880F", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "C73DAC9F-AF34-412B-8483-BD642E9AD7CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E5F1142-E4BC-4AC4-AB85-33A5AC35D7A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "03C05F7D-BA83-44D4-8E47-45CF339EFB63", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "9A312B4E-F43D-4649-A8F8-811657D5D6EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E9BD996-6003-4ACA-A661-810018EF750D", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "15117F01-79FF-47A7-8D1E-BA1F8E96A1ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FB4C433A-9796-4C11-8B3F-DD93191B200F", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "C63DB55C-3454-4E28-9BE3-6E2AF7F0C2C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "DBAF238F-6E35-4C79-BA57-9DFBCE1F32DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "09FB5DCD-94E2-469E-83E8-E7489DFECF28", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "813E3390-A91A-440E-947F-98777CF0C008", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "83BAB091-5DF5-48D1-B12F-FAA7AE304BAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "832106E3-7743-412D-B92E-CF8F4AFD630E", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "29EA91C5-EAD8-476C-A198-3BB9D11DF47F", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "00E17910-D6CC-4AE3-B119-90798F441338", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "7DE2045F-C0EB-433F-8D44-7B257AF1A976", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD03AAD4-18CE-4109-B63E-F0447AD5D57E", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F60C96B3-834A-467E-B823-56F95AC53394", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2BC5660E-D2FB-4D73-8D45-BC92388CFA6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF5CED20-DF1C-4172-ABC4-BB8C88A59D71", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2B75E57F-D5A5-4925-95A1-7680D9A186C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E71A841C-1ED3-4634-8BA4-5F0A50CB6636", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "CE437EFD-6F1F-4946-91A7-E198DDC70693", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "94F9FEC8-15D0-4327-975F-359A595A10B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "6AD2F2D6-BD1A-4413-9499-B45352AE5D2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "2011EBF2-DAF7-4F9A-861E-8C7CB01E9620", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "894E6D56-3A5F-49DC-B99D-2148B548335B", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "6DF077CF-E698-4506-8AD8-B339166298BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "6D879455-E7E1-448C-A425-E9C576540E73", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "68D38E74-A95C-4009-AEBD-3575A98824AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "3B8B0B5D-9932-4924-B0C9-C10B8EA46F56", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "A0432B82-D516-4771-9D2E-684CA81A5680", "vulnerable": true}, {"criteria": "cpe:2.3:a:martin_lambers:mpop:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "F6A767CC-D28E-497E-9CB5-DE930304C7C7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."}, {"lang": "es", "value": "Martin Lambers mpop versiones anteriores a v1.4.19, cuando usa OpenSSL, no maneja adecuadamente un car\u00e1cter '\\0' en un nombre de dominio (1) en el campo nombre com\u00fan del sujeto o (2) en el campo nombre alternativo del sujeto de un certificado X.509, permitiendo que atacantes de hombre en medio (man-in-the-middle) suplantar a servidores SSL de su elecci\u00f3n mediante un certificado modificado emitido por una Autoridad de Certificaci\u00f3n leg\u00edtima, estando relacionado con el CVE-2009-2408."}], "id": "CVE-2009-3941", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-11-16T19:30:01.047", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://mpop.sourceforge.net/news.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37312"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3225"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://mpop.sourceforge.net/news.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37312"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3225"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "mpop NULL character certificate flaw", "id": "537927", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=537927"}, "csaw": false, "details": ["Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."], "name": "CVE-2009-3941", "public_date": "2009-10-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-3941"], "threat_severity": "Moderate"}

{}