4.3

CVE-2010-5076

Exploit
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DigiaQt Version <= 4.6.4
QtQt Version4.0.0
QtQt Version4.0.1
QtQt Version4.1.0
QtQt Version4.1.1
QtQt Version4.1.2
QtQt Version4.1.3
QtQt Version4.1.4
QtQt Version4.1.5
QtQt Version4.2.0
QtQt Version4.2.1
QtQt Version4.2.3
QtQt Version4.3.0
QtQt Version4.3.1
QtQt Version4.3.2
QtQt Version4.3.3
QtQt Version4.3.4
QtQt Version4.3.5
QtQt Version4.4.0
QtQt Version4.4.1
QtQt Version4.4.2
QtQt Version4.4.3
QtQt Version4.5.0
QtQt Version4.5.1
QtQt Version4.5.2
QtQt Version4.5.3
QtQt Version4.6.0
QtQt Version4.6.0 Updaterc1
QtQt Version4.6.1
QtQt Version4.6.2
QtQt Version4.6.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.4% 0.69
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/49895
Vendor Advisory
http://www.ubuntu.com/usn/USN-1504-1
http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0
Patch
Exploit
http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e
Patch
http://rhn.redhat.com/errata/RHSA-2012-0880.html
http://secunia.com/advisories/41236
Vendor Advisory
http://secunia.com/advisories/49604
Vendor Advisory
http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt
https://bugreports.qt-project.org/browse/QTBUG-4455