Description
The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| Release | Status | Note |
|---|---|---|
| artful | not-affected | 2.10.2-1ubuntu2 |
| bionic | not-affected | 2.10.2-1ubuntu2 |
| cosmic | not-affected | 2.10.2-1ubuntu2 |
| devel | not-affected | 2.10.2-1ubuntu2 |
| disco | not-affected | 2.10.2-1ubuntu2 |
| esm-apps/bionic | not-affected | 2.10.2-1ubuntu2 |
| esm-apps/xenial | not-affected | 2.10.2-1ubuntu2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [2.9.6.1-2ubuntu0.1]] |
| precise | DNE | |
| precise/esm | DNE | |

| Release | Status | Note |
|---|---|---|
| artful | not-affected | 2.8.8-10 |
| bionic | not-affected | 2.8.8-10 |
| cosmic | not-affected | 2.8.8-10 |
| devel | not-affected | 2.8.8-10 |
| disco | not-affected | 2.8.8-10 |
| esm-apps/bionic | not-affected | 2.8.8-10 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needs-triage |
| trusty | ignored | end of standard support |

| Release | Status | Note |
|---|---|---|
| artful | not-affected | 1:0.30.0~git20141005.816798-0ubuntu9 |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1:0.30.0~git20131003.d20b8d+really20110821-0.2ubuntu12.2]] |
| esm-infra/xenial | not-affected | 1:0.30.0~git20141005.816798-0ubuntu9 |
| precise | released | 1:0.30.0~git20110821.e2a400-0.2ubuntu4.3 |
| precise/esm | DNE | precise was released [1:0.30.0~git20110821.e2a400-0.2ubuntu4.3] |
| trusty | released | 1:0.30.0~git20131003.d20b8d+really20110821-0.2ubuntu12.2 |

CVSS2: 5.8 Medium
CVSS3: 6.5 Medium