Описание
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| hardy | ignored | end of life |
| lucid | released | 4:4.6.2-0ubuntu5.4 |
| natty | not-affected | 4:4.7.2-0ubuntu6.3 |
| oneiric | not-affected | |
| precise | not-affected | |
| upstream | released | 4:4.7.2 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in ...
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
ELSA-2012-0880: qt security and bug fix update (MODERATE)
EPSS
4.3 Medium
CVSS2