CVE-2011-1094

kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702.
Severity: UNKNOWN
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Atk. Vector: NETWORK
Atk. Complexity: MEDIUM
Base Score
CVSS 3.x
EPSS Score Percentile: 61%

Vendor | Product | Version
redhat | kdelibs | 𝑥 ≤ 4.6
redhat | kdelibs | 3.5.2
redhat | kdelibs | 3.5.9
redhat | kdelibs | 3.5.10
𝑥 = Vulnerable software versions

Ubuntu Releases

Ubuntu Product | Codename | Status
kde4libs | maverick | Fixed 4:4.5.1-0ubuntu8.1 (released)
kde4libs | lucid | Fixed 4:4.4.5-0ubuntu1.1 (released)
kde4libs | karmic | Fixed 4:4.3.2-0ubuntu7.3 (released)
kde4libs | hardy | ignored
kde4libs | dapper | dne
kdelibs | maverick | ignored
kdelibs | lucid | ignored
kdelibs | karmic | ignored
kdelibs | hardy | ignored
kdelibs | dapper | ignored