Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2011-1094

kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702.

  • Published: Mar 16, 2011
  • Updated: Apr 13, 2023
  • CVE: CVE-2011-1094
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

Software From Fixed in
redhat / kdelibs - 4.6.x
redhat / kdelibs 3.5.10 3.5.10.x
redhat / kdelibs 3.5.2 3.5.2.x
redhat / kdelibs 3.5.9 3.5.9.x