Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-5076

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2010-5076
Last Modified 07 Feb 2013 12:00:00
Published 29 Jun 2012 03:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2010-5076

Summary

QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Vulnerable Systems

Application

  • Digia Qt 4.0.0

  • Digia Qt 4.0.1

  • Digia Qt 4.1.0

  • Digia Qt 4.1.1

  • Digia Qt 4.1.2

  • Digia Qt 4.1.3

  • Digia Qt 4.1.4

  • Digia Qt 4.1.5

  • Digia Qt 4.2.0

  • Digia Qt 4.2.1

  • Digia Qt 4.2.3

  • Digia Qt 4.3.0

  • Digia Qt 4.3.1

  • Digia Qt 4.3.2

  • Digia Qt 4.3.3

  • Digia Qt 4.3.4

  • Digia Qt 4.3.5

  • Digia Qt 4.4.0

  • Digia Qt 4.4.1

  • Digia Qt 4.4.2

  • Digia Qt 4.4.3

  • Digia Qt 4.5.0

  • Digia Qt 4.5.1

  • Digia Qt 4.5.2

  • Digia Qt 4.5.3

  • Digia Qt 4.6.0

  • Digia Qt 4.6.1

  • Digia Qt 4.6.2

  • Digia Qt 4.6.3

  • Digia Qt 4.6.4

  • Nokia Qt 4.6.0

  • Nokia Qt 4.6.1

  • Nokia Qt 4.6.2

  • Nokia Qt 4.6.3

  • Nokia Qt 4.6.4


References

CONFIRM - https://bugreports.qt-project.org/browse/QTBUG-4455

MISC - http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt

SECUNIA - 49604

SECUNIA - 41236

REDHAT - RHSA-2012:0880

CONFIRM - http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e

CONFIRM - http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0

UBUNTU - USN-1504-1

SECUNIA - 49895


Last Updated: 27 May 2016 10:47:24