
CVE-2011-1428
Date: (C)2011-03-16   (M)2023-12-22


Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html
SECUNIA-43543
BID-46612
http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91
http://savannah.nongnu.org/patch/index.php?7459

CPE    1
cpe:/a:flashtux:weechat
CWE    1
CWE-20
OVAL    3
oval:org.secpod.oval:def:600943
oval:org.secpod.oval:def:102729
oval:org.secpod.oval:def:102911

© SecPod Technologies