Vulnerability Name: | CVE-2011-1094 (CCN-65986) | ||||||||||||||||||||||||
Assigned: | 2011-01-31 | ||||||||||||||||||||||||
Published: | 2011-01-31 | ||||||||||||||||||||||||
Updated: | 2017-08-17 | ||||||||||||||||||||||||
Summary: | kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702. | ||||||||||||||||||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||||||||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||
Vulnerability Type: | CWE-20 | ||||||||||||||||||||||||
Vulnerability Consequences: | Bypass Security | ||||||||||||||||||||||||
References: | Source: CCN Type: oss-security: Tomas Hoger | 8 Mar 15:36 KDE SSL name check issue Source: MITRE Type: CNA CVE-2011-1094 Source: CCN Type: KDE Web site K Desktop Environment -Conquer your Desktop! Source: MLIST Type: Patch [oss-security] 20110308 KDE SSL name check issue Source: MLIST Type: Patch [oss-security] 20110308 Re: KDE SSL name check issue Source: CCN Type: RHSA-2011-0464 Moderate: kdelibs security update Source: SECUNIA Type: UNKNOWN 44108 Source: MANDRIVA Type: UNKNOWN MDVSA-2011:071 Source: BID Type: UNKNOWN 46789 Source: CCN Type: BID-46789 KDE kdelibs IP Address SSL Certificate Security Bypass Vulnerability Source: UBUNTU Type: UNKNOWN USN-1110-1 Source: VUPEN Type: UNKNOWN ADV-2011-0913 Source: VUPEN Type: UNKNOWN ADV-2011-0990 Source: XF Type: UNKNOWN kdelibs-ssl-security-bypass(65986) Source: XF Type: UNKNOWN kdelibs-ssl-security-bypass(65986) Source: CONFIRM Type: Patch https://projects.kde.org/projects/kde/kdelibs/repository/revisions/76f935197599a335a5fe09b78751ddb455248cf7 Source: SUSE Type: SUSE-SR:2011:006 SUSE Security Summary Report | ||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Denotes that component is vulnerable | ||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
BACK |