Improper input validation in Redhat Kdelibs

CVE-2011-1094

kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.010 (58.2th percentile) — read the EPSS interpretation.

Affected products

Redhat Kdelibs — versions 3.5.2, 3.5.9, 3.5.10
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

secalert@redhat.com (vdb-entry, x_refsource_VUPEN)
secalert@redhat.com (vendor-advisory, x_refsource_MANDRIVA)
secalert@redhat.com (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_UBUNTU, vendor-advisory)
secalert@redhat.com (vdb-entry, x_refsource_VUPEN)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
secalert@redhat.com (mailing-list, x_refsource_MLIST, Patch)
secalert@redhat.com (vdb-entry, x_refsource_XF)
secalert@redhat.com (mailing-list, x_refsource_MLIST, Patch)