Lucene search

K
nvd[email protected]NVD:CVE-2011-5241
HistoryNov 06, 2012 - 12:21 p.m.

CVE-2011-5241

2012-11-0612:21:27
CWE-20
web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.6%

Services_Twitter 0.6.3 does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Affected configurations

NVD
Node
services_twitter_groupservices_twitterMatch0.6.3

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.6%

Related for NVD:CVE-2011-5241