CVE-2009-2973

Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409.

Published: Aug 27, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-2973
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
google / chrome	0.3.154.3	0.3.154.3.x
google / chrome	0.2.149.30	0.2.149.30.x
google / chrome	0.4.154.31	0.4.154.31.x
google / chrome	1.0.154.39	1.0.154.39.x
google / chrome	1.0.154.59	1.0.154.59.x
google / chrome	0.2.149.27	0.2.149.27.x
google / chrome	1.0.154.53	1.0.154.53.x
google / chrome	0.4.154.33	0.4.154.33.x
google / chrome	1.0.154.43	1.0.154.43.x
google / chrome	1.0.154.42	1.0.154.42.x
google / chrome	2.0.172.33	2.0.172.33.x
google / chrome	1.0.154.52	1.0.154.52.x
google / chrome	2.0.157.2	2.0.157.2.x
google / chrome	0.4.154.18	0.4.154.18.x
google / chrome	0.2.149.29	0.2.149.29.x
google / chrome	2.0.157.0	2.0.157.0.x
google / chrome	0.2.152.1	0.2.152.1.x
google / chrome	0.3.154.0	0.3.154.0.x
google / chrome	0.2.153.1	0.2.153.1.x
google / chrome	1.0.154.36	1.0.154.36.x
google / chrome	2.0.172	2.0.172.x
google / chrome	-	2.0.172.37.x
google / chrome	2.0.172.30	2.0.172.30.x
google / chrome	2.0.156.1	2.0.156.1.x
google / chrome	1.0.154.46	1.0.154.46.x
google / chrome	0.4.154.22	0.4.154.22.x
google / chrome	2.0.159.0	2.0.159.0.x
google / chrome	2.0.158.0	2.0.158.0.x
google / chrome	2.0.172.31	2.0.172.31.x
google / chrome	1.0.154.48	1.0.154.48.x

Vulnerability Database

CVE-2009-2973

Deep Security Visibility Without the Complexity