CVE-2010-5076

QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
digiaqt
𝑥
≤ 4.6.4
qtqt
4.0.0
qtqt
4.0.1
qtqt
4.1.0
qtqt
4.1.1
qtqt
4.1.2
qtqt
4.1.3
qtqt
4.1.4
qtqt
4.1.5
qtqt
4.2.0
qtqt
4.2.1
qtqt
4.2.3
qtqt
4.3.0
qtqt
4.3.1
qtqt
4.3.2
qtqt
4.3.3
qtqt
4.3.4
qtqt
4.3.5
qtqt
4.4.0
qtqt
4.4.1
qtqt
4.4.2
qtqt
4.4.3
qtqt
4.5.0
qtqt
4.5.1
qtqt
4.5.2
qtqt
4.5.3
qtqt
4.6.0
qtqt
4.6.0:rc1
qtqt
4.6.1
qtqt
4.6.2
qtqt
4.6.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qt4-x11
precise
not-affected
oneiric
not-affected
natty
not-affected
lucid
Fixed 4:4.6.2-0ubuntu5.4
released
hardy
ignored
Common Weakness Enumeration
References
http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0
http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e
http://rhn.redhat.com/errata/RHSA-2012-0880.html
http://secunia.com/advisories/41236
http://secunia.com/advisories/49604
http://secunia.com/advisories/49895
http://www.ubuntu.com/usn/USN-1504-1
http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt
https://bugreports.qt-project.org/browse/QTBUG-4455
http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0
http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e
http://rhn.redhat.com/errata/RHSA-2012-0880.html
http://secunia.com/advisories/41236
http://secunia.com/advisories/49604
http://secunia.com/advisories/49895
http://www.ubuntu.com/usn/USN-1504-1
http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt
https://bugreports.qt-project.org/browse/QTBUG-4455