CVE-2011-1428

Exploit

EPSS 1.08%
Veröffentlicht 16.03.2011 22:55:04
Zuletzt bearbeitet 16.06.2026 23:29:19
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

NVD 35 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Flashtux ≫ Weechat Version <= 0.3.4

Flashtux ≫ Weechat Version0.0.1

Flashtux ≫ Weechat Version0.0.2

Flashtux ≫ Weechat Version0.0.3

Flashtux ≫ Weechat Version0.0.4

Flashtux ≫ Weechat Version0.0.5

Flashtux ≫ Weechat Version0.0.6

Flashtux ≫ Weechat Version0.0.7

Flashtux ≫ Weechat Version0.0.8

Flashtux ≫ Weechat Version0.0.9

Flashtux ≫ Weechat Version0.1.0

Flashtux ≫ Weechat Version0.1.1

Flashtux ≫ Weechat Version0.1.2

Flashtux ≫ Weechat Version0.1.3

Flashtux ≫ Weechat Version0.1.4

Flashtux ≫ Weechat Version0.1.5

Flashtux ≫ Weechat Version0.1.6

Flashtux ≫ Weechat Version0.1.7

Flashtux ≫ Weechat Version0.1.8

Flashtux ≫ Weechat Version0.1.9

Flashtux ≫ Weechat Version0.2.0

Flashtux ≫ Weechat Version0.2.1

Flashtux ≫ Weechat Version0.2.2

Flashtux ≫ Weechat Version0.2.3

Flashtux ≫ Weechat Version0.2.4

Flashtux ≫ Weechat Version0.2.5

Flashtux ≫ Weechat Version0.2.6

Flashtux ≫ Weechat Version0.2.6.1

Flashtux ≫ Weechat Version0.2.6.2

Flashtux ≫ Weechat Version0.2.6.3

Flashtux ≫ Weechat Version0.3.0

Flashtux ≫ Weechat Version0.3.1

Flashtux ≫ Weechat Version0.3.1.1

Flashtux ≫ Weechat Version0.3.2

Flashtux ≫ Weechat Version0.3.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.08%	0.608

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html

Exploit

http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91

http://savannah.nongnu.org/patch/index.php?7459

Patch

Exploit

http://secunia.com/advisories/43543

Vendor Advisory

http://www.securityfocus.com/bid/46612

https://nvd.nist.gov/vuln/detail/CVE-2011-1428

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1428

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1428

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2011-1428