Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.8
CVSSv2

CVE-2011-1775

Published: 26/05/2011 Updated: 13/02/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Subscribe to Tigervnc

Vulnerability Summary

The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx in the vncviewer component in TigerVNC 1.1beta1 does not properly verify the server's X.509 certificate, which allows man-in-the-middle malicious users to spoof a TLS VNC server via an arbitrary certificate.

Vulnerable Product Search on Vulmon Subscribe to Product

tigervnc tigervnc 1.1

References

CWE-20https://bugzilla.redhat.com/show_bug.cgi?id=702470https://bugzilla.redhat.com/show_bug.cgi?id=702672http://openwall.com/lists/oss-security/2011/05/09/7http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060567.htmlhttp://openwall.com/lists/oss-security/2011/05/06/2http://www.securityfocus.com/bid/47738http://secunia.com/advisories/44939http://www.redhat.com/support/errata/RHSA-2011-0871.htmlhttp://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01342.htmlhttp://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01345.htmlhttp://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01347.htmlhttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000CVE-2024-4439unauthorizedCVE-2024-0042CVE-2024-31848CVE-2023-40694cache poisoningCVE-2024-23707firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook