CVE-2011-1775

EPSS 0.56%
Veröffentlicht 26.05.2011 18:55:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx in the vncviewer component in TigerVNC 1.1beta1 does not properly verify the server's X.509 certificate, which allows man-in-the-middle attackers to spoof a TLS VNC server via an arbitrary certificate.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tigervnc ≫ Tigervnc Version1.1 Updatebeta1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.656

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060567.html

http://openwall.com/lists/oss-security/2011/05/06/2

http://openwall.com/lists/oss-security/2011/05/09/7

http://secunia.com/advisories/44939

http://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01342.html

http://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01345.html

http://www.mail-archive.com/tigervnc-devel%40lists.sourceforge.net/msg01347.html

http://www.redhat.com/support/errata/RHSA-2011-0871.html

http://www.securityfocus.com/bid/47738

https://bugzilla.redhat.com/show_bug.cgi?id=702470

https://bugzilla.redhat.com/show_bug.cgi?id=702672

https://nvd.nist.gov/vuln/detail/CVE-2011-1775

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1775

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1775

EUVD