CVE-2008-3532
Date: (C)2008-08-08   (M)2023-12-22


The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-30553
SECUNIA-31390
SECUNIA-32859
SECUNIA-33102
ADV-2008-2318
MDVSA-2009:025
RHSA-2008:1023
USN-675-1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434
http://developer.pidgin.im/attachment/ticket/6500/nss-cert-verify.patch
http://developer.pidgin.im/attachment/ticket/6500/nss_add_rev.patch
http://developer.pidgin.im/ticket/6500
http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm
oval:org.mitre.oval:def:10979
oval:org.mitre.oval:def:18327
pidgin-ssl-spoofing(44220)

CPE    1
cpe:/a:pidgin:pidgin:2.4.3
CWE    1
CWE-310
OVAL    3
oval:org.secpod.oval:def:16928
oval:org.secpod.oval:def:300610
oval:org.secpod.oval:def:300498

© SecPod Technologies