CVE-2009-2973

Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409.

🔗 References (10)

• cve@mitrehttp://code.google.com/p/chromium/issues/detail?id=18725
• cve@mitrehttp://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html
• cve@mitrehttp://secunia.com/advisories/36417
• cve@mitrehttp://www.vupen.com/english/advisories/2009/2420
• cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/52903
• af854a3a-2127-422b-91ae-364da2661108http://code.google.com/p/chromium/issues/detail?id=18725
• af854a3a-2127-422b-91ae-364da2661108http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36417
• af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2420
• af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/52903