Lucene search

Veracode Vulnerability DatabaseVERACODE:24735

HistoryApr 10, 2020 - 1:03 a.m.

Man-in-the-Middle (MitM)

2020-04-1001:03:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

kdelibs is vulnerable to man-in-the-middle (MitM). The vulnerability exists as a flaw was found in the way kdelibs checked the user specified hostname against the name in the server’s SSL certificate. A man-in-the-middle attacker could use this flaw to trick an application using kdelibs into mistakenly accepting a certificate as if it was valid for the host, if that certificate was issued for an IP address to which the user specified hostname was resolved to.

CPENameOperatorVersion
kdelibseq4.3.4__10.el6
kdelibseq4.3.4__10.el6

CPE	Name	Operator	Version
	kdelibs	eq	4.3.4__10.el6
	kdelibs	eq	4.3.4__10.el6

References

openwall.com/lists/oss-security/2011/03/08/13

openwall.com/lists/oss-security/2011/03/08/20

secunia.com/advisories/44108

www.mandriva.com/security/advisories?name=MDVSA-2011:071

www.securityfocus.com/bid/46789

www.ubuntu.com/usn/USN-1110-1

www.vupen.com/english/advisories/2011/0913

www.vupen.com/english/advisories/2011/0990

access.redhat.com/errata/RHSA-2011:0464

access.redhat.com/security/updates/classification/#moderate

exchange.xforce.ibmcloud.com/vulnerabilities/65986

projects.kde.org/projects/kde/kdelibs/repository/revisions/76f935197599a335a5fe09b78751ddb455248cf7

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for VERACODE:24735