Lucene search
Ubuntu.comUB:CVE-2011-3367HistoryNov 29, 2011 - 12:00 a.m.
CVE-2011-3367
2011-11-2900:00:00
ubuntu.com
ubuntu.com
8
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
57.3%
Arora, possibly 0.11 and other versions, does not use a certain font when
rendering certificate fields in a security dialog, which allows remote
attackers to spoof the common name (CN) of a certificate via rich text.
Bugs
Notes
| Author | Note |
|---|---|
| jdstrand | no updates for this issue as of 2011-10-14 while there are non-escaped strings, they are only used when QT is compiled without SSL support, and all versions of Ubuntu compile QT with SSL support. |
Related
openvas
openvas
Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)
2011-12-15 00:00:00
Fedora Update for arora FEDORA-2011-14756
2011-12-16 00:00:00
Fedora Update for arora FEDORA-2011-14756
2011-12-16 00:00:00
nessus
nessus
Fedora 16 : arora-0.11.0-3.fc16 (2011-14719)
2011-12-13 00:00:00
Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)
2011-12-15 00:00:00
GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011
2014-12-15 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: arora-0.11.0-3.fc16
2011-12-12 21:58:37
[SECURITY] Fedora 15 Update: arora-0.11.0-3.fc15
2011-12-14 23:35:18
prion
prion
Design/Logic Flaw
2011-11-29 17:55:00
cve
cve
CVE-2011-3367
2011-11-29 17:55:00
securityvulns
securityvulns
UI spoofing in different QT applications
2011-10-10 00:00:00
gentoo
gentoo
Multiple packages, Multiple vulnerabilities fixed in 2011
2014-12-11 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
57.3%
Related for UB:CVE-2011-3367