CVE-2009-3490

Name of the Vulnerable Software and Affected Versions GNU Wget versions prior to 1.12

Description The issue allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out remotely.

Recommendations For GNU Wget versions prior to 1.12, update to version 1.12 or later to resolve the issue. As a temporary workaround, consider restricting the use of SSL connections until a patch is available. Avoid using GNU Wget for sensitive operations over SSL until the issue is resolved.