Published: 08/01/2008 Updated: 08/03/2011

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

QSslSocket in Trolltech Qt 4.3.0 up to and including 4.3.2 does not properly verify SSL certificates, which might make it easier for remote malicious users to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user.

Vulnerable Product	Search on Vulmon	Subscribe to Product
trolltech qsslsocket 4.3.0
trolltech qsslsocket 4.3.1
trolltech qsslsocket 4.3.2

It was discovered that QSslSocket did not properly verify SSL certificates A remote attacker may be able to trick applications using QSslSocket into accepting invalid SSL certificates ...

CWE-264 https://bugzilla.redhat.com/show_bug.cgi?id=427232 http://trolltech.com/company/newsroom/announcements/press.2007-12-21.2182567220 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00005.html https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00131.html http://secunia.com/advisories/28228 http://secunia.com/advisories/28321 http://www.novell.com/linux/security/advisories/suse_security_summary_report.html http://secunia.com/advisories/28636 http://www.mandriva.com/security/advisories?name=MDVSA-2008:042 http://www.securityfocus.com/bid/27112 http://www.ubuntu.com/usn/usn-579-1 http://secunia.com/advisories/28999 http://www.vupen.com/english/advisories/2008/0018 https://usn.ubuntu.com/579-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-5965

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect