kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs prior to 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address. This is a different vulnerability than CVE-2009-2702.
| Vulnerable Product |
|---|
| redhat kdelibs |
| redhat kdelibs 3.5.10 |
| redhat kdelibs 3.5.9 |
| redhat kdelibs 3.5.2 |