
CVSS: 6.8 • EPSS: 0% • CPEs: 24 • EXPL: 0

Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate.

• http://github.com/ensc/irssi-proxy/commit/85bbc05b21678e80423815d2ef1dfe26208491ab
• http://irssi.org/news
• http://irssi.org/news/ChangeLog
• http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041054.html
• http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
• http://marc.info/?l=oss-security&m=127098845125270&w=2
• http://marc.info/?l=oss-security&m=127110132019166&w=2
• http://marc.info/?l=oss-security&m=127116251220784&w=2
• http://marc.info/?l=oss-

• CWE-20: Improper Input Validation