Vulnerability Description
The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.303, 4.6.1 before 4.6.1.309, 4.7.0 before 4.7.0.179, and 4.7.1 before 4.7.1.57 does not properly handle "hidden" characters, including a '\0' (NUL) character, in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
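As an added example (not code from the advisory or from RIM), the following Python contrasts a truncating CN comparison of the kind the description refers to with a strict check that treats an embedded NUL as a hard mismatch; it also covers single-label wildcards, which the description does not mention. All domain names are constructed.

```python
# Added example, not from the advisory: how a host-name check against an X.509
# subject CN should treat an embedded NUL ('\0') character, next to a model of
# the truncating comparison that makes the spoof possible. Names are constructed.

def cn_matches_host(cn: str, host: str) -> bool:
    """Strict matching of a certificate's subject CN against the requested host.

    A DNS name can never legitimately contain a NUL byte, so its presence is a
    hard mismatch rather than a string terminator. Wildcards are accepted only
    as a single leftmost label ("*.example.test") and never match the bare
    parent domain or more than one label.
    """
    if "\x00" in cn or "\x00" in host:
        return False
    cn = cn.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if cn.startswith("*."):
        suffix = cn[1:]               # ".example.test"
        if not host.endswith(suffix):
            return False
        leftmost = host[: -len(suffix)]
        return leftmost != "" and "." not in leftmost
    return cn == host


def truncating_match(cn: str, host: str) -> bool:
    """Model of the flawed behaviour: a C-string style comparison stops at the
    first NUL, so everything after it (the name the CA actually validated) is
    ignored and the prefix alone decides the match."""
    return cn.split("\x00", 1)[0].lower() == host.lower()


if __name__ == "__main__":
    # Constructed CN with a hidden NUL: the CA validated "attacker.example";
    # a truncating comparison sees only "www.bank.example".
    crafted_cn = "www.bank.example\x00.attacker.example"
    print("truncating:", truncating_match(crafted_cn, "www.bank.example"))   # True (spoofed)
    print("strict:    ", cn_matches_host(crafted_cn, "www.bank.example"))    # False
    print("legit:     ", cn_matches_host("www.bank.example", "www.bank.example"))  # True
```

In production code the platform TLS library's own host-name verification should be used; this block only isolates the single comparison step the advisory is about.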
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| RIM | BlackBerry Device Software | 4.5.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/36875 (Vendor Advisory)
- http://www.blackberry.com/btsc/viewContent.do?externalId=KB19552 (Vendor Advisory)
- http://www.securityfocus.com/bid/36528
- http://www.securitytracker.com/id?1022951
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53490
FAQ
What is CVE-2009-3477?
CVE-2009-3477 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.303, 4.6.1 before 4.6.1.309, 4.7.0 before 4.7.0.179, and 4.7.1 before 4.7.1.57 does not properly han...
How severe is CVE-2009-3477?
CVE-2009-3477 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-3477?
Check the references section above for vendor advisories and patch information. Affected products include: RIM BlackBerry Device Software.