[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-5076Date: (C)2012-06-29   (M)2023-12-22


QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-41236
SECUNIA-49604
SECUNIA-49895
RHSA-2012:0880
USN-1504-1
http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0
http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e
http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt
https://bugreports.qt-project.org/browse/QTBUG-4455

CPE    1
cpe:/a:digia:qt
CWE    1
CWE-20
OVAL    4
oval:org.secpod.oval:def:700931
oval:org.secpod.oval:def:202378
oval:org.secpod.oval:def:500833
oval:org.secpod.oval:def:1503854
...

© SecPod Technologies