CVE-2009-2409

CVE Database · CVE-2009-2409

CVE-2009-2409

· N/AModified

CVSS v3.1

N/A

EPSS

4.51%

Published

Jul 30, 2009

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.

Weaknesses (CWE)

CWE-295

Affected Products (4)

gnu · gnutls (up to 2.6.4)vulnerable

gnu · gnutls (up to 2.7.4)vulnerable

mozilla · network_security_services (up to 3.12.3)vulnerable

openssl · opensslvulnerable

References (20)

http://java.sun.com/j2se/1.5.0/ReleaseNotes.html

Patch

http://java.sun.com/javase/6/webnotes/6u17.html

Release Notes