CVE-2010-2074 – w3m: doesn't handle NULL in Common Name properly
https://notcve.org/view.php?id=CVE-2010-2074
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. istream.c en w3m v0.5.2 y posiblemente otras versiones, cuando ssl_verify_server está activado, no maneja adecuadamente el carácter '\0' en un nombre de dominio en el (1) subject's Common Name o (2) Subject Alternative Name field de un certificado X.509, lo que permite a atacantes en el medio (Man-in-the-middle) suplantar a servidores SSL a través de certificados manipulados enviados por una Autoridad de Certificación legítima. Tema relacionado con el CVE-2009-2408. • http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://osvdb.org/65538 http://secunia.com/advisories/40134 http://secunia.com/advisories/40733 http://www.openwall.com/lists/oss-security/2010/06/14/4 http://www.redhat.com/support/errata/RHSA-2010-0565.html http://www.securityfocus.com/bid/40837 http://www.securitytracker.com/id?1024252 http://www.vupen.com/english/advis • CWE-20: Improper Input Validation •
CVE-2006-6772
https://notcve.org/view.php?id=CVE-2006-6772
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL. Vulnerabilidad de cadena de formato en la función inputAnswer en file.c de w3m 0.5.2, cuando se ejecuta con la opción de volcado (dump) o backend, permite a atacantes remotos ejecutar código de su elección mediante especificadores de cadena de formato en el campo Nombre Común (Common Name o CN) de un certificado SSL. • http://fedoranews.org/cms/node/2415 http://fedoranews.org/cms/node/2416 http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051457.html http://secunia.com/advisories/23492 http://secunia.com/advisories/23588 http://secunia.com/advisories/23717 http://secunia.com/advisories/23773 http://secunia.com/advisories/23792 http://security.gentoo.org/glsa/glsa-200701-06.xml http://securitytracker.com/id?1017440 http://sourceforge.net/tracker/index.php?func=detail&aid=16 • CWE-134: Use of Externally-Controlled Format String •
CVE-2002-1348
https://notcve.org/view.php?id=CVE-2002-1348
w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies. w3m anteriores a 0.3.2.2 no escapan adecuadamente las etiquetas HTML en el atributo ALT de una etiqueta IMG, lo que podría permitir a atacantes remotos acceder ficheros o cookies • http://marc.info/?l=bugtraq&m=104552193927323&w=2 http://sourceforge.net/project/shownotes.php?release_id=126233 http://www.debian.org/security/2003/dsa-249 http://www.debian.org/security/2003/dsa-250 http://www.debian.org/security/2003/dsa-251 http://www.iss.net/security_center/static/11266.php http://www.redhat.com/support/errata/RHSA-2003-044.html http://www.redhat.com/support/errata/RHSA-2003-045.html http://www.securityfocus.com/bid/6794 https://access •
CVE-2002-1335
https://notcve.org/view.php?id=CVE-2002-1335
Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies. Vulnerabilidad de scripting en sitios cruzados (XSS) en w3m 0.3.2 permite a atacantes remotos insertar HTML arbitrario y script web en marcos. • http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200211.month/838.html http://secunia.com/advisories/8015 http://secunia.com/advisories/8016 http://secunia.com/advisories/8031 http://secunia.com/advisories/8053 http://sourceforge.net/project/shownotes.php?release_id=124484 http://www.debian.org/security/2003/dsa-249 http://www.debian.org/security/2003/dsa-250 http://www.debian.org/security/2003/dsa-251 http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.00 •
CVE-2001-0700 – W3M 0.1/0.2 - Malformed MIME Header Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0700
Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header. • https://www.exploit-db.com/exploits/20941 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000434 http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200106.month/537.html http://www.debian.org/security/2001/dsa-064 http://www.debian.org/security/2001/dsa-081 http://www.securityfocus.com/archive/1/192371 http://www.securityfocus.com/bid/2895 https://exchange.xforce.ibmcloud.com/vulnerabilities/6725 •