QwikSec

Security Database

CVE

CWE

Training

CVE-2010-5076

Published: Jun 29, 2012

Modified: Aug 7, 2024

PUBLISHED

Description

QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_REDHAT

third-party-advisory

x_refsource_SECUNIA

http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e

x_refsource_CONFIRM

http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt

x_refsource_MISC

https://bugreports.qt-project.org/browse/QTBUG-4455

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.