Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.4
CVSSv2

CVE-2010-3901

Published: 14/10/2010 Updated: 14/10/2010
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Subscribe to Openconnect

Vulnerability Summary

OpenConnect prior to 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle malicious users to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1) does not correspond to the server hostname or (2) is presented in circumstances involving a missing --cafile configuration option.

Vulnerable Product Search on Vulmon Subscribe to Product

infradead openconnect 1.00

infradead openconnect

infradead openconnect 1.20

infradead openconnect 1.30

infradead openconnect 1.10

References

CWE-20http://www.infradead.org/openconnect.htmlhttp://www.openwall.com/lists/oss-security/2010/08/02/7http://www.openwall.com/lists/oss-security/2010/08/01/1https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook