5.8
CVE-2007-6746
- EPSS 0.25%
- Published 21.05.2013 18:55:01
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Data is provided by the National Vulnerability Database (NVD)
Canonical ≫ Telepathy-idle Version <= 0.1.14.1
Canonical ≫ Telepathy-idle Version 0.1.10.1
Canonical ≫ Telepathy-idle Version 0.1.11.1
Canonical ≫ Telepathy-idle Version 0.1.11.2
Canonical ≫ Telepathy-idle Version 0.1.12.1
Canonical ≫ Telepathy-idle Version 0.1.14
Canonical ≫ Ubuntu Linux Version 12.04 Update - Edition lts
Canonical ≫ Ubuntu Linux Version 12.10
Canonical ≫ Ubuntu Linux Version 13.04
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.25% | 0.454 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:P/I:P/A:N |
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.