CVE-2010-2074

Published: 16/06/2010 Updated: 09/09/2010
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle malicious users to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
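The flaw described above comes down to treating a length-delimited certificate name as a NUL-terminated C string. The following added example (not w3m's code or its patch; the function names and sample bytes are constructed, and it covers exact matches only, with no wildcard handling) contrasts that pattern with a length-aware check.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample names as they would sit in a certificate field:
 * raw bytes plus an explicit length (the literal's trailing NUL excluded). */
static const unsigned char CRAFTED[] = "www.example.com\0.other.example";
static const size_t CRAFTED_LEN = sizeof(CRAFTED) - 1;
static const unsigned char CLEAN[] = "www.example.com";
static const size_t CLEAN_LEN = sizeof(CLEAN) - 1;

/* Case-insensitive comparison of the first n bytes. */
static int eq_nocase(const char *a, const unsigned char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower(b[i]))
            return 0;
    return 1;
}

/* Vulnerable pattern: the name is read as a C string, so everything
 * after the first '\0' is silently ignored. */
static int match_cstring(const char *host, const unsigned char *name, size_t name_len)
{
    size_t seen = strlen((const char *)name); /* stops at the embedded NUL */
    (void)name_len;                           /* real length is never used */
    return strlen(host) == seen && eq_nocase(host, name, seen);
}

/* Hardened pattern: reject any name containing '\0', then compare
 * against the full length recorded in the certificate. */
static int match_length_aware(const char *host, const unsigned char *name, size_t name_len)
{
    if (memchr(name, '\0', name_len) != NULL)
        return 0;
    return strlen(host) == name_len && eq_nocase(host, name, name_len);
}

int main(void)
{
    const char *host = "www.example.com";
    printf("crafted, C-string compare:     %d\n", match_cstring(host, CRAFTED, CRAFTED_LEN));
    printf("crafted, length-aware compare: %d\n", match_length_aware(host, CRAFTED, CRAFTED_LEN));
    printf("clean,   length-aware compare: %d\n", match_length_aware(host, CLEAN, CLEAN_LEN));
    return 0;
}
```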

Vulnerable Product

w3m w3m 0.5.2

Vendor Advisories

Synopsis: Moderate: w3m security update. Type/Severity: Security Advisory: Moderate. Topic: Updated w3m packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring S ...
Debian Bug report logs - #587445 CVE-2010-2074 Package: w3m; Maintainer for w3m is Tatsuya Kinoshita <tats@debian.org>; Source for w3m is src:w3m. Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Mon, 28 Jun 2010 17:33:02 UTC Severity: grave Tags: patch, security Fixed in version w3m/05 ...
The web browser w3m does not properly validate SSL/TLS certificates ...