Описание
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 4:4.7.2-0ubuntu2 |
| hardy | ignored | end of life |
| lucid | released | 4:4.4.5-0ubuntu1.2 |
| maverick | released | 4:4.5.5-0ubuntu2.1 |
| natty | not-affected | 4:4.6.5-0ubuntu1 |
| oneiric | not-affected | 4:4.7.2-0ubuntu1 |
| upstream | released | 4.7.2 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and poss ...
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
ELSA-2011-1385: kdelibs and kdelibs3 security update (MODERATE)
EPSS
4.3 Medium
CVSS2