CVE-2011-1428

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2011-1428
Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html Exploit
http://www.securityfocus.com/bid/46612
http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commit;h=c265cad1c95b84abfd4e8d861f25926ef13b5d91 Patch
http://secunia.com/advisories/43543 Vendor Advisory
http://savannah.nongnu.org/patch/index.php?7459 Exploit Patch
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:flashtux:weechat:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.4:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.5:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:*:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.3:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.8:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.7:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.9:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.6:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.6:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.4:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.2.5:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:flashtux:weechat:0.0.5:*:*:*:*:*:*:*
Information

Published : 2011-03-16 15:55

Updated : 2011-03-21 21:00

NVD link : CVE-2011-1428

Mitre link : CVE-2011-1428

JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa
Products Affected

flashtux

  • weechat