← Retour aux CVEs

CVE-2011-1428

N/A

Description

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

Details CVE

Score CVSS v3.1N/A

Publie3/16/2011

Derniere modification4/29/2026

Sourcenvd

Observations honeypot0

Produits affectes

flashtux:weechat

Faiblesses (CWE)

CWE-20

References

http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html(cve@mitre.org)

http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91(cve@mitre.org)

http://savannah.nongnu.org/patch/index.php?7459(cve@mitre.org)

http://secunia.com/advisories/43543(cve@mitre.org)

http://www.securityfocus.com/bid/46612(cve@mitre.org)

http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html(af854a3a-2127-422b-91ae-364da2661108)

http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91(af854a3a-2127-422b-91ae-364da2661108)

http://savannah.nongnu.org/patch/index.php?7459(af854a3a-2127-422b-91ae-364da2661108)

http://secunia.com/advisories/43543(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/46612(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.