BlackBerry 4.x Dialog Box Certificate Mismatch

Medium Nessus Network Monitor Plugin ID 5189


The remote host is affected by a certificate mismatch vulnerability.


The included browser in versions of BlackBerry OS 4.5.0 before, 4.6.0 before, 4.6.1 before, 4.7.0 before, and 4.7.1 before does not properly handle "hidden" characters including a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows remote man-in-the-middle attackers to deceive a user into believing they are accessing a trusted site.
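As an added illustration (not the plugin's detection logic and not BlackBerry code), the Python below checks a certificate CN for hidden characters before comparing it with the expected host name. It assumes the CN is available as the raw, length-delimited bytes from the certificate; the function names and sample values are constructed for this example, and only exact matches are handled (no wildcards).

```python
import unicodedata

# Unicode categories treated here as "hidden": control (Cc) and format (Cf)
# characters, which covers NUL, other C0/C1 controls and zero-width marks.
HIDDEN_CATEGORIES = {"Cc", "Cf"}


def hidden_characters(cn_bytes):
    """Return (offset, codepoint) pairs for hidden characters in a CN value.

    cn_bytes is the raw, length-delimited value from the certificate, so an
    embedded NUL is seen as data rather than as an end-of-string marker.
    """
    text = cn_bytes.decode("utf-8", errors="replace")
    return [(i, f"U+{ord(ch):04X}") for i, ch in enumerate(text)
            if unicodedata.category(ch) in HIDDEN_CATEGORIES]


def cn_matches_host(cn_bytes, hostname):
    """Exact, case-insensitive match of the full CN against hostname.

    A CN containing any hidden character is rejected outright, so the name
    that is compared is always the name a dialog box would display.
    """
    if hidden_characters(cn_bytes):
        return False
    try:
        cn = cn_bytes.decode("ascii")
    except UnicodeDecodeError:
        return False
    return cn.lower() == hostname.lower()


def nul_truncated_view(cn_bytes):
    """What a NUL-terminated string routine would see of the same CN."""
    return cn_bytes.split(b"\x00", 1)[0].decode("ascii", errors="replace")


# Constructed sample CN values (not taken from any real certificate).
SAMPLES = [
    b"www.example.com",
    b"www.example.com\x00.example.net",
    b"www.exam\xe2\x80\x8bple.com",   # contains U+200B ZERO WIDTH SPACE
]

if __name__ == "__main__":
    for cn in SAMPLES:
        print(repr(cn), "| truncated view:", nul_truncated_view(cn),
              "| hidden:", hidden_characters(cn),
              "| match:", cn_matches_host(cn, "www.example.com"))
```

The second sample shows the mismatch the plugin title refers to: the truncated view reads as the trusted name while the full CN value does not.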


Upgrade the BlackBerry to, or later. If 4.7.x cannot be installed, versions,,, and are also patched for this vulnerability.


Plugin Details

Severity: Medium

ID: 5189

Published: 2009/09/28

Modified: 2016/01/19

Dependencies: 4545

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C


CVSS v3

Base Score: 5.6

Temporal Score: 5.4


Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:blackberry:blackberry_os

Patch Publication Date: 2009/09/28

Vulnerability Publication Date: 2009/09/28

Reference Information

CVE: CVE-2009-3477

BID: 36528