CVE-2011-1094

Published: 16/03/2011 Updated: 17/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs prior to 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate. This allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address. This is a different vulnerability than CVE-2009-2702.

Vulnerable Product

redhat kdelibs

redhat kdelibs 3.5.10

redhat kdelibs 3.5.9

redhat kdelibs 3.5.2

Vendor Advisories

An attacker could send crafted input to Konqueror to view sensitive information ...