Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-1428

Опубликовано: 16 мар. 2011
Источник: nvd
CVSS2: 5.8
EPSS Низкий

Описание

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:flashtux:weechat:*:*:*:*:*:*:*:*
Версия до 0.3.4 (включая)
cpe:2.3:a:flashtux:weechat:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.4:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.5:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.6:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.7:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.8:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.9:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.3:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.4:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.5:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.6:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.3.3:*:*:*:*:*:*:*

EPSS

Процентиль: 38%
0.00165
Низкий

5.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2011-1428

ubuntu
почти 15 лет назад

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

debian логотип

CVE-2011-1428

debian
почти 15 лет назад

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does ...

github логотип

GHSA-4663-xvr2-gqpr

github
больше 3 лет назад

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

EPSS

Процентиль: 38%
0.00165
Низкий

5.8 Medium

CVSS2

Дефекты

CWE-20