CVE-2009-2408

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.

CVSS v3.0 5.9 MEDIUM
CVSS v2.0 6.8 MEDIUM

5.9^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.wired.com/threatlevel/2009/07/kaminsky/	Press/Media Coverage
https://bugzilla.redhat.com/show_bug.cgi?id=510251	Issue Tracking
http://osvdb.org/56723	Broken Link
http://www.vupen.com/english/advisories/2009/2085	Broken Link Vendor Advisory
http://www.ubuntu.com/usn/usn-810-1	Third Party Advisory
http://www.securitytracker.com/id?1022632	Broken Link Third Party Advisory VDB Entry
http://www.mozilla.org/security/announce/2009/mfsa2009-42.html	Vendor Advisory
http://secunia.com/advisories/36139	Broken Link Vendor Advisory
http://secunia.com/advisories/36157	Broken Link Vendor Advisory
http://secunia.com/advisories/36088	Broken Link Vendor Advisory
http://secunia.com/advisories/36125	Broken Link Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:197	Broken Link
http://www.redhat.com/support/errata/RHSA-2009-1207.html	Broken Link
http://isc.sans.org/diary.html?storyid=7003	Broken Link
http://www.redhat.com/support/errata/RHSA-2009-1432.html	Broken Link
http://www.debian.org/security/2009/dsa-1874	Mailing List
http://secunia.com/advisories/36434	Broken Link Vendor Advisory
http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h	Broken Link
http://marc.info/?l=oss-security&m=125198917018936&w=2	Mailing List
http://www.vupen.com/english/advisories/2009/3184	Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:217	Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:216	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html	Mailing List
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1	Broken Link
http://secunia.com/advisories/37098	Broken Link
http://www.novell.com/linux/security/advisories/2009_48_firefox.html	Broken Link
http://secunia.com/advisories/36669	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751	Broken Link
https://usn.ubuntu.com/810-2/	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:network_security_services::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:suse:linux_enterprise_server:9:::::::*
	cpe:2.3:o:suse:linux_enterprise:11.0:-::::::
	cpe:2.3:o:suse:linux_enterprise:10.0:-::::::
	cpe:2.3:o:opensuse:opensuse::::::::

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::

History

14 Feb 2024, 17:21

Information

Published : 2009-07-30 19:30

Updated : 2024-02-14 17:21

NVD link : CVE-2009-2408

Mitre link : CVE-2009-2408

JSON object : View

Products Affected

debian

debian_linux

mozilla

seamonkey
thunderbird
firefox
network_security_services

canonical

ubuntu_linux

suse

linux_enterprise_server
linux_enterprise

opensuse

opensuse

CWE

CWE-295

Improper Certificate Validation

Type	Values Removed	Values Added
First Time		Suse linux Enterprise Server Opensuse opensuse Debian Opensuse Debian debian Linux Canonical Canonical ubuntu Linux Mozilla network Security Services Suse linux Enterprise Suse
References	~~(UBUNTU) http://www.ubuntu.com/usn/usn-810-1 -~~	(UBUNTU) http://www.ubuntu.com/usn/usn-810-1 - Third Party Advisory
References	~~(DEBIAN) http://www.debian.org/security/2009/dsa-1874 -~~	(DEBIAN) http://www.debian.org/security/2009/dsa-1874 - Mailing List
References	~~(MISC) http://www.wired.com/threatlevel/2009/07/kaminsky/ -~~	(MISC) http://www.wired.com/threatlevel/2009/07/kaminsky/ - Press/Media Coverage
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458 -~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458 - Broken Link
References	~~(CONFIRM) http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h -~~	(CONFIRM) http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h - Broken Link
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751 -~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751 - Broken Link
References	~~(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=510251 -~~	(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=510251 - Issue Tracking
References	~~(MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 -~~	(MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 - Broken Link
References	~~(MLIST) http://marc.info/?l=oss-security&m=125198917018936&w=2 -~~	(MLIST) http://marc.info/?l=oss-security&m=125198917018936&w=2 - Mailing List
References	~~(MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 -~~	(MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/36157 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/36157 - Broken Link, Vendor Advisory
References	~~(SECUNIA) http://secunia.com/advisories/37098 -~~	(SECUNIA) http://secunia.com/advisories/37098 - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/36434 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/36434 - Broken Link, Vendor Advisory
References	~~(MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 -~~	(MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/36669 -~~	(SECUNIA) http://secunia.com/advisories/36669 - Broken Link
References	~~(VUPEN) http://www.vupen.com/english/advisories/2009/2085 - Vendor Advisory~~	(VUPEN) http://www.vupen.com/english/advisories/2009/2085 - Broken Link, Vendor Advisory
References	~~(SECTRACK) http://www.securitytracker.com/id?1022632 -~~	(SECTRACK) http://www.securitytracker.com/id?1022632 - Broken Link, Third Party Advisory, VDB Entry
References	~~(SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 -~~	(SUNALERT) http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 - Broken Link
References	~~(OSVDB) http://osvdb.org/56723 -~~	(OSVDB) http://osvdb.org/56723 - Broken Link
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html - Mailing List
References	~~(SECUNIA) http://secunia.com/advisories/36088 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/36088 - Broken Link, Vendor Advisory
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2009-1432.html -~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2009-1432.html - Broken Link
References	~~(VUPEN) http://www.vupen.com/english/advisories/2009/3184 -~~	(VUPEN) http://www.vupen.com/english/advisories/2009/3184 - Broken Link
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2009-1207.html -~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2009-1207.html - Broken Link
References	~~(MISC) http://isc.sans.org/diary.html?storyid=7003 -~~	(MISC) http://isc.sans.org/diary.html?storyid=7003 - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/36125 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/36125 - Broken Link, Vendor Advisory
References	~~(SECUNIA) http://secunia.com/advisories/36139 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/36139 - Broken Link, Vendor Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/810-2/ -~~	(UBUNTU) https://usn.ubuntu.com/810-2/ - Broken Link
References	~~(SUSE) http://www.novell.com/linux/security/advisories/2009_48_firefox.html -~~	(SUSE) http://www.novell.com/linux/security/advisories/2009_48_firefox.html - Broken Link
CVSS	v2 : ~~6.8~~ v3 : ~~unknown~~	v2 : 6.8 v3 : 5.9
CPE	cpe:2.3:a:mozilla:firefox:1.0:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::* cpe:2.3:a:mozilla:seamonkey:1.0:::::::* cpe:2.3:a:mozilla:firefox:2.0_.5:::::::* cpe:2.3:a:mozilla:firefox:0.2:::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.20:::::::* cpe:2.3:a:mozilla:firefox:3.0.3:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::* cpe:2.3:a:mozilla:firefox:3.2:beta3:::::: cpe:2.3:a:mozilla:seamonkey:1.1.16:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.7:::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.2:::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.14:::::::* cpe:2.3:a:mozilla:firefox:1.0.3:::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.8:::::::* cpe:2.3:a:mozilla:firefox:1.5.2:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.12:::::::* cpe:2.3:a:mozilla:firefox:1.0.2:::::::* cpe:2.3:a:mozilla:seamonkey:1.1:beta:::::: cpe:2.3:a:mozilla:firefox:1.5.8:::::::* cpe:2.3:a:mozilla:firefox:1.5:beta2:::::: cpe:2.3:a:mozilla:thunderbird:2.0.0.13:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.14:::::::* cpe:2.3:a:mozilla:firefox:2.0:rc2:::::: cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.3:::::::* cpe:2.3:a:mozilla:firefox:1.0.7:::::::* cpe:2.3:a:mozilla:firefox:3.0:beta5:::::: cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.9:::::::* cpe:2.3:a:mozilla:firefox:3.0.11:::::::* cpe:2.3:a:mozilla:firefox:2.0_.4:::::::* cpe:2.3:a:mozilla:firefox:0.6.1:::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.9:::::::* cpe:2.3:a:mozilla:firefox:3.0.12:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.11:::::::* cpe:2.3:a:mozilla:nss:3.0:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.9:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.20:::::::* cpe:2.3:a:mozilla:seamonkey:1.5.0.9:::::::* cpe:2.3:a:mozilla:firefox:2.0:rc3:::::: cpe:2.3:a:mozilla:thunderbird:2.0.0.5:::::::* cpe:2.3:a:mozilla:firefox:1.0.1:::::::* cpe:2.3:a:mozilla:firefox:1.5:beta1:::::: cpe:2.3:a:mozilla:firefox:3.0.7:::::::* cpe:2.3:a:mozilla:firefox:1.0.6::linux::::: cpe:2.3:a:mozilla:firefox:2.0.0.11:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.8:::::::* cpe:2.3:a:mozilla:firefox:0.9:rc:::::: cpe:2.3:a:mozilla:firefox:1.0.8:::::::* cpe:2.3:a:mozilla:seamonkey:1.5.0.10:::::::* cpe:2.3:a:mozilla:firefox:2.0_.7:::::::* cpe:2.3:a:mozilla:nss:3.6:::::::* cpe:2.3:a:mozilla:firefox:2.0:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.13:::::::* cpe:2.3:a:mozilla:firefox:2.0_.6:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::* cpe:2.3:a:mozilla:firefox:1.5:::::::* cpe:2.3:a:mozilla:firefox:3.0.9:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.15:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::* cpe:2.3:a:mozilla:firefox:0.3:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::* cpe:2.3:a:mozilla:firefox:0.9.1:::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.1:::::::* cpe:2.3:a:mozilla:firefox:1.0.6:::::::* cpe:2.3:a:mozilla:firefox:3.0.6:::::::* cpe:2.3:a:mozilla:firefox:3.2:beta1:::::: cpe:2.3:a:mozilla:firefox:0.7:::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.19:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::* cpe:2.3:a:mozilla:nss:3.11.7:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.4:::::::* cpe:2.3:a:mozilla:firefox:1.5.1:::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.6:::::::* cpe:2.3:a:mozilla:firefox:0.10.1:::::::* cpe:2.3:a:mozilla:firefox:3.1:beta1:::::: cpe:2.3:a:mozilla:thunderbird:2.0.0.0:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.5:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.13:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::* cpe:2.3:a:mozilla:nss:3.11.8:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::* cpe:2.3:a:mozilla:seamonkey:1.0:beta:::::: cpe:2.3:a:mozilla:firefox:2.0.0.5:::::::* cpe:2.3:a:mozilla:firefox:0.6:::::::* cpe:2.3:a:mozilla:firefox:1.5.4:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.6:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.7:::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.4:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::* cpe:2.3:a:mozilla:firefox:0.7.1:::::::* cpe:2.3:a:mozilla:firefox:1.5.6:::::::* cpe:2.3:a:mozilla:firefox:2.0_.1:::::::* cpe:2.3:a:mozilla:firefox:3.0:alpha:::::: cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::* cpe:2.3:a:mozilla:firefox:1.5.3:::::::* cpe:2.3:a:mozilla:firefox:1.0.4:::::::* cpe:2.3:a:mozilla:firefox:1.0.5:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.12:::::::* cpe:2.3:a:mozilla:firefox:0.1:::::::* cpe:2.3:a:mozilla:firefox:1.5.7:::::::* cpe:2.3:a:mozilla:firefox:1.5.5:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.18:::::::* cpe:2.3:a:mozilla:seamonkey:1.1:::::::* cpe:2.3:a:mozilla:seamonkey:1.1:alpha:::::: cpe:2.3:a:mozilla:firefox:1.5.0.12:::::::* cpe:2.3:a:mozilla:firefox:2.0_.10:::::::* cpe:2.3:a:mozilla:firefox:3.0.5:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.10:::::::* cpe:2.3:a:mozilla:seamonkey:1.5.0.8:::::::* cpe:2.3:a:mozilla:firefox:0.10:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.14:::::::* cpe:2.3:a:mozilla:firefox:1.0:preview_release:::::: cpe:2.3:a:mozilla:firefox:2.0.0.17:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.8:::::::* cpe:2.3:a:mozilla:firefox:2.0_8:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.19:::::::* cpe:2.3:a:mozilla:firefox:0.8:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::* cpe:2.3:a:mozilla:firefox:3.0.8:::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.15:::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.7:::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.12:::::::* cpe:2.3:a:mozilla:firefox:3.0.10:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.4:::::::* cpe:2.3:a:mozilla:firefox:0.9_rc:::::::* cpe:2.3:a:mozilla:firefox:2.0:beta1:::::: cpe:2.3:a:mozilla:firefox:3.0.1:::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.21:::::::* cpe:2.3:a:mozilla:firefox:0.5:::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.17:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::* cpe:2.3:a:mozilla:nss:::::::: cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::* cpe:2.3:a:mozilla:nss:3.4:::::::* cpe:2.3:a:mozilla:nss:3.11.4:::::::* cpe:2.3:a:mozilla:firefox:3.0.2:::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.18:::::::* cpe:2.3:a:mozilla:nss:3.11.2:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::* cpe:2.3:a:mozilla:firefox:3.0.4:::::::* cpe:2.3:a:mozilla:firefox:0.9.2:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::* cpe:2.3:a:mozilla:firefox:0.9:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.16:::::::* cpe:2.3:a:mozilla:firefox:3.0:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.21:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.15:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.10:::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.16:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::* cpe:2.3:a:mozilla:firefox:3.0:beta2:::::: cpe:2.3:a:mozilla:firefox:1.4.1:::::::* cpe:2.3:a:mozilla:firefox:2.0:beta_1:::::: cpe:2.3:a:mozilla:firefox:0.9.3:::::::* cpe:2.3:a:mozilla:firefox:1.8:::::::* cpe:2.3:a:mozilla:seamonkey:1.0:alpha:::::: cpe:2.3:a:mozilla:firefox::beta2::::::* cpe:2.3:a:mozilla:thunderbird:2.0.0.11:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::* cpe:2.3:a:mozilla:firefox:2.0_.9:::::::* cpe:2.3:a:mozilla:firefox:0.4:::::::* cpe:2.3:a:mozilla:seamonkey:1.1.6:::::::* cpe:2.3:a:mozilla:firefox:3.0beta5:::::::*	cpe:2.3:o:suse:linux_enterprise:10.0:-:::::: cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:a:mozilla:network_security_services:::::::: cpe:2.3:o:suse:linux_enterprise_server:9:::::::* cpe:2.3:o:opensuse:opensuse:::::::: cpe:2.3:o:canonical:ubuntu_linux:8.04::::-::: cpe:2.3:o:debian:debian_linux:5.0:::::::* cpe:2.3:o:suse:linux_enterprise:11.0:-:::::: cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
CWE	~~CWE-20~~	CWE-295

5.9 /10