Man-in-the-Middle (MitM)

2020-04-1000:53:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

seamonkey is vulnerable to man-in-the-middle attack. A flaw was found in the way SeaMonkey matched SSL certificates when the certificates had a Common Name containing a wildcard and a partial IP address. SeaMonkey incorrectly accepted connections to IP addresses that fell within the SSL certificate’s wildcard range as valid SSL connections, possibly allowing an attacker to conduct a man-in-the-middle attack.

CPENameOperatorVersion
seamonkeyeq1.0.9__0.25.el3
seamonkeyeq1.0.9__0.52.el3
seamonkeyeq1.0.7__0.1.el4
seamonkeyeq1.0.9__52.el4_8
seamonkeyeq1.0.9__15.el4
seamonkeyeq1.0.9__26.el4
seamonkeyeq1.0.5__0.1.el3
seamonkeyeq1.0.9__43.el4_8
seamonkeyeq1.0.9__0.41.el3
seamonkeyeq1.0.9__0.38.el3

Name	Operator	Version
seamonkey	eq	1.0.9__0.25.el3
seamonkey	eq	1.0.9__0.52.el3
seamonkey	eq	1.0.7__0.1.el4
seamonkey	eq	1.0.9__52.el4_8
seamonkey	eq	1.0.9__15.el4
seamonkey	eq	1.0.9__26.el4
seamonkey	eq	1.0.5__0.1.el3
seamonkey	eq	1.0.9__43.el4_8
seamonkey	eq	1.0.9__0.41.el3
seamonkey	eq	1.0.9__0.38.el3