4.3
CVE-2010-5076
- EPSS 1.4%
- Veröffentlicht 29.06.2012 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:26:05
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.4% | 0.69 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/49895
http://www.ubuntu.com/usn/USN-1504-1
http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0
http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e
http://rhn.redhat.com/errata/RHSA-2012-0880.html
http://secunia.com/advisories/41236
http://secunia.com/advisories/49604
http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt
https://bugreports.qt-project.org/browse/QTBUG-4455