CVE Vulnerabilities

CVE-2009-2973

Published: Aug 27, 2009 | Modified: Aug 17, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409.

Affected Software

Name Vendor Start Version End Version
Chrome Google 0.2.149.27 0.2.149.27
Chrome Google 0.2.149.29 0.2.149.29
Chrome Google 0.2.149.30 0.2.149.30
Chrome Google 0.2.152.1 0.2.152.1
Chrome Google 0.2.153.1 0.2.153.1
Chrome Google 0.3.154.0 0.3.154.0
Chrome Google 0.3.154.3 0.3.154.3
Chrome Google 0.4.154.18 0.4.154.18
Chrome Google 0.4.154.22 0.4.154.22
Chrome Google 0.4.154.31 0.4.154.31
Chrome Google 0.4.154.33 0.4.154.33
Chrome Google 1.0.154.36 1.0.154.36
Chrome Google 1.0.154.39 1.0.154.39
Chrome Google 1.0.154.42 1.0.154.42
Chrome Google 1.0.154.43 1.0.154.43
Chrome Google 1.0.154.46 1.0.154.46
Chrome Google 1.0.154.48 1.0.154.48
Chrome Google 1.0.154.52 1.0.154.52
Chrome Google 1.0.154.53 1.0.154.53
Chrome Google 1.0.154.59 1.0.154.59
Chrome Google 2.0.156.1 2.0.156.1
Chrome Google 2.0.157.0 2.0.157.0
Chrome Google 2.0.157.2 2.0.157.2
Chrome Google 2.0.158.0 2.0.158.0
Chrome Google 2.0.159.0 2.0.159.0
Chrome Google 2.0.172 2.0.172
Chrome Google 2.0.172.30 2.0.172.30
Chrome Google 2.0.172.31 2.0.172.31
Chrome Google 2.0.172.33 2.0.172.33
Chrome Google * 2.0.172.37

References