NVD

Id
13562  
Name
CVE-2010-2074  
Description
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a "" character in a domain name in the (1) subject"s Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2010-06-16  
Modified Date
2010-09-09  
Seq
2010-2074  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
74890 13562 CVE-2010-2074 FEDORA-2010-10369  View
74891 13562 CVE-2010-2074 SUSE-SR:2010:014  View
74892 13562 CVE-2010-2074 [oss-security] 20100614 CVE Request: w3m does not check null bytes CN/subjAltName  View
74893 13562 CVE-2010-2074 RHSA-2010:0565  View
74894 13562 CVE-2010-2074 40837  View
74895 13562 CVE-2010-2074 1024252  View
74896 13562 CVE-2010-2074 ADV-2010-1467  View
74897 13562 CVE-2010-2074 ADV-2010-1879  View
74898 13562 CVE-2010-2074 ADV-2010-1928  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
36063 JVNDB-2010-001843 w3m のistream.c における X.509 証明書の処理に関する任意の SSL サーバになりすまされる脆弱性 w3m のistream.c には、ssl_verify_server を有効にした際、X.509 証明書内の Common Name または、Subject Alternative Name フィールドにある "" 文字を適切に処理しないため任意の SSL サーバになりすまされる脆弱性が存在します。 CVE-2010-2074 44654 CVE-2010-2074 13562 6.8 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001843.html 2010-06-16 2010-09-27 View