Vulnerability Name:

CVE-2010-5076 (CCN-61449)

Assigned:2010-07-14
Published:2010-07-14
Updated:2021-06-16
Summary:QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
1.9 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: QTBUG-4455
SSL wildcard verification too broad

Source: MITRE
Type: CNA
CVE-2010-5076

Source: CONFIRM
Type: Exploit, Patch
http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0

Source: CONFIRM
Type: Patch
http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e

Source: CCN
Type: Qt Web site
Qt

Source: CCN
Type: RHSA-2012-0880
Moderate: qt security and bug fix update

Source: REDHAT
Type: UNKNOWN
RHSA-2012:0880

Source: CCN
Type: SA41236
Qt SSL Certificate IP Address Wildcard Matching Vulnerability

Source: SECUNIA
Type: Vendor Advisory
41236

Source: CCN
Type: SA41237
Network Security Services Certificate IP Address Wildcard Matching Vulnerability

Source: CCN
Type: SA41244
Mozilla Firefox NSS Certificate IP Address Wildcard Matching Vulnerability

Source: SECUNIA
Type: Vendor Advisory
49604

Source: SECUNIA
Type: Vendor Advisory
49895

Source: CCN
Type: Google Chrome Web site
Google Chrome

Source: CCN
Type: Microsoft Web site
Internet Explorer

Source: CCN
Type: Mozilla Web site
Network Security Services (NSS)

Source: CCN
Type: OSVDB ID: 67776
Network Security Services (NSS) Certificate IP Address Wildcard Matching Weakness

Source: CCN
Type: BID-42833
Qt SSL Certificate IP Address Wildcard Validation Security Bypass Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-1504-1

Source: CCN
Type: wp-10-0001
Multiple Browser Wildcard Cerficate Validation Weakness

Source: MISC
Type: UNKNOWN
http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt

Source: CONFIRM
Type: UNKNOWN
https://bugreports.qt-project.org/browse/QTBUG-4455

Source: XF
Type: UNKNOWN
browsers-nss-spoofing(61449)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:digia:qt:*:*:*:*:*:*:*:* (Version <= 4.6.4)
  • OR cpe:/a:qt:qt:4.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.6.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:4.0.0:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:google:chrome:*:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:17910
    P
    		USN-1504-1 -- qt4-x11 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:23980
    P
    		ELSA-2012:0880: qt security and bug fix update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:20661
    P
    		RHSA-2012:0880: qt security and bug fix update (Moderate)
    2014-02-24
    oval:com.ubuntu.precise:def:20105076000
    V
    		CVE-2010-5076 on Ubuntu 12.04 LTS (precise) - medium.
    2012-06-29
    oval:com.redhat.rhsa:def:20120880
    P
    		RHSA-2012:0880: qt security and bug fix update (Moderate)
    2012-06-20
    BACK
    digia qt *
    qt qt 4.6.3
    qt qt 4.6.2
    qt qt 4.3.1
    qt qt 4.3.0
    qt qt 4.3.4
    qt qt 4.3.5
    qt qt 4.6.0 rc1
    qt qt 4.5.2
    qt qt 4.4.3
    qt qt 4.3.2
    qt qt 4.2.3
    qt qt 4.0.1
    qt qt 4.1.0
    qt qt 4.1.3
    qt qt 4.1.4
    qt qt 4.1.1
    qt qt 4.1.2
    qt qt 4.2.1
    qt qt 4.1.5
    qt qt 4.3.3
    qt qt 4.4.0
    qt qt 4.4.1
    qt qt 4.5.0
    qt qt 4.5.1
    qt qt 4.4.2
    qt qt 4.6.0
    qt qt 4.5.3
    qt qt 4.6.1
    qt qt 4.2.0
    qt qt 4.0.0
    microsoft ie 6.0
    microsoft ie 7.0
    google chrome *
    mozilla firefox 3.6.6
    mozilla network security services 3.12.6
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6