
CVE-2010-0744
Date: (C) 2010-04-20   (M) 2023-12-22


aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
http://seclists.org/bugtraq/2009/Jun/239
BID-35507
SECUNIA-35621
SECUNIA-39796
ADV-2010-1109
FEDORA-2010-7373
FEDORA-2010-7378
http://www.openwall.com/lists/oss-security/2010/03/10/4
http://www.openwall.com/lists/oss-security/2010/04/01/4
http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/?view=log&pathrev=11991
http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/amsn/proxy.tcl?r1=11886&r2=11991&pathrev=11991
http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/amsn/sip.tcl?r1=11953&r2=11991&pathrev=11991
http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/amsn/soap.tcl?r1=11891&r2=11991&pathrev=11991
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572818
http://www.opensource-archive.org/showthread.php?p=183821

CWE    1
CWE-287
OVAL    3
oval:org.secpod.oval:def:100419
oval:org.secpod.oval:def:101139
oval:org.secpod.oval:def:101113

© SecPod Technologies