Veracode Vulnerability DatabaseVERACODE:24286Spoofing Attack
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
w3m is vulnerable to spoofing attack. It was discovered that w3m is affected by the previously published “null prefix attack”, caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse w3m into accepting it by mistake.
| CPE | Name | Operator | Version |
|---|---|---|---|
| w3m | eq | 0.5.1__15.el5 | |
| w3m | eq | 0.5.1__15.el5 |
References
lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html
lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
osvdb.org/65538
secunia.com/advisories/40134
secunia.com/advisories/40733
www.openwall.com/lists/oss-security/2010/06/14/4
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2010-0565.html
www.securityfocus.com/bid/40837
www.securitytracker.com/id?1024252
www.vupen.com/english/advisories/2010/1467
www.vupen.com/english/advisories/2010/1879
www.vupen.com/english/advisories/2010/1928
access.redhat.com/errata/RHSA-2010:0565
Related
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P