QwikSec

Security Database

CVE

CWE

Training

CVE-2011-1094

Published: Mar 16, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_VUPEN

vendor-advisory

x_refsource_MANDRIVA

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_UBUNTU

vdb-entry

x_refsource_VUPEN

https://projects.kde.org/projects/kde/kdelibs/repository/revisions/76f935197599a335a5fe09b78751ddb455248cf7

x_refsource_CONFIRM

[oss-security] 20110308 KDE SSL name check issue

mailing-list

x_refsource_MLIST

kdelibs-ssl-security-bypass(65986)

vdb-entry

x_refsource_XF

[oss-security] 20110308 Re: KDE SSL name check issue

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.