CVE-2011-1775

EPSS 0.56%
Published 26.05.2011 18:55:02
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx in the vncviewer component in TigerVNC 1.1beta1 does not properly verify the server's X.509 certificate, which allows man-in-the-middle attackers to spoof a TLS VNC server via an arbitrary certificate.

Affected products Warnungen 0 Metrics 2 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Tigervnc ≫ Tigervnc Version1.1 Updatebeta1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.56%	0.656

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060567.html

http://openwall.com/lists/oss-security/2011/05/06/2

http://openwall.com/lists/oss-security/2011/05/09/7

http://secunia.com/advisories/44939

http://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01342.html

http://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01345.html

http://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01347.html

http://www.redhat.com/support/errata/RHSA-2011-0871.html

http://www.securityfocus.com/bid/47738

https://bugzilla.redhat.com/show_bug.cgi?id=702470

https://bugzilla.redhat.com/show_bug.cgi?id=702672

https://nvd.nist.gov/vuln/detail/CVE-2011-1775

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1775

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1775

EUVD