w3m vulnerability

2010-08-0900:00:00

ubuntu.com

5.7 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.0%

JSON

Releases

Ubuntu 10.04
Ubuntu 9.10
Ubuntu 9.04
Ubuntu 8.04
Ubuntu 6.06

Packages

w3m - WWW browsable pager with excellent tables/frames support w3m-img

Details

Ludwig Nussel discovered w3m does not properly handle SSL/TLS
certificates with NULL characters in the certificate name. An
attacker could exploit this to perform a machine-in-the-middle
attack to view sensitive information or alter encrypted
communications. (CVE-2010-2074)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchw3m< 0.5.2-2ubuntu1.1UNKNOWN
Ubuntu9.10noarchw3m-img< 0.5.2-2ubuntu1.1UNKNOWN
Ubuntu9.04noarchw3m< 0.5.2-2ubuntu0.1UNKNOWN
Ubuntu9.04noarchw3m-img< 0.5.2-2ubuntu0.1UNKNOWN
Ubuntu8.04noarchw3m< 0.5.1-5.1ubuntu1.1UNKNOWN
Ubuntu8.04noarchw3m-img< 0.5.1-5.1ubuntu1.1UNKNOWN
Ubuntu6.06noarchw3m< 0.5.1-4ubuntu2.6.06.1UNKNOWN
Ubuntu6.06noarchw3m-img< 0.5.1-4ubuntu2.6.06.1UNKNOWN
Ubuntu10.04noarchw3m< 0.5.2-2.1ubuntu1.1UNKNOWN
Ubuntu10.04noarchw3m-img< 0.5.2-2.1ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	9.10	noarch	w3m	< 0.5.2-2ubuntu1.1	UNKNOWN
Ubuntu	9.10	noarch	w3m-img	< 0.5.2-2ubuntu1.1	UNKNOWN
Ubuntu	9.04	noarch	w3m	< 0.5.2-2ubuntu0.1	UNKNOWN
Ubuntu	9.04	noarch	w3m-img	< 0.5.2-2ubuntu0.1	UNKNOWN
Ubuntu	8.04	noarch	w3m	< 0.5.1-5.1ubuntu1.1	UNKNOWN
Ubuntu	8.04	noarch	w3m-img	< 0.5.1-5.1ubuntu1.1	UNKNOWN
Ubuntu	6.06	noarch	w3m	< 0.5.1-4ubuntu2.6.06.1	UNKNOWN
Ubuntu	6.06	noarch	w3m-img	< 0.5.1-4ubuntu2.6.06.1	UNKNOWN
Ubuntu	10.04	noarch	w3m	< 0.5.2-2.1ubuntu1.1	UNKNOWN
Ubuntu	10.04	noarch	w3m-img	< 0.5.2-2.1ubuntu1.1	UNKNOWN