CVE-2011-1428
Severity Score
5.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.
Wee Enhanced Environment para Chat (también conocido como WeeChat) v0.3.4 y anteriores no comprueban de forma correcta que el nombre del servidor coincide con el nombre de dominio del campo subject de un certificado X.509, que permite a los atacantes "man-in-the-middle" falsificar un servidor de chat SSL a través de un certificado de su elección, relacionado con el uso incorrecto de la API GnuTLS.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-03-16 CVE Reserved
- 2011-03-16 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91 | X_refsource_confirm | |
| http://www.securityfocus.com/bid/46612 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html | 2024-09-17 | |
| http://savannah.nongnu.org/patch/index.php?7459 | 2024-09-17 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/43543 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | <= 0.3.4 Search vendor "Flashtux" for product "Weechat" and version " <= 0.3.4" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.0.1 Search vendor "Flashtux" for product "Weechat" and version "0.0.1" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.0.2 Search vendor "Flashtux" for product "Weechat" and version "0.0.2" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.0.3 Search vendor "Flashtux" for product "Weechat" and version "0.0.3" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.0.4 Search vendor "Flashtux" for product "Weechat" and version "0.0.4" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.0.5 Search vendor "Flashtux" for product "Weechat" and version "0.0.5" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.0.6 Search vendor "Flashtux" for product "Weechat" and version "0.0.6" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.0.7 Search vendor "Flashtux" for product "Weechat" and version "0.0.7" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.0.8 Search vendor "Flashtux" for product "Weechat" and version "0.0.8" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.0.9 Search vendor "Flashtux" for product "Weechat" and version "0.0.9" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.1.0 Search vendor "Flashtux" for product "Weechat" and version "0.1.0" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.1.1 Search vendor "Flashtux" for product "Weechat" and version "0.1.1" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.1.2 Search vendor "Flashtux" for product "Weechat" and version "0.1.2" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.1.3 Search vendor "Flashtux" for product "Weechat" and version "0.1.3" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.1.4 Search vendor "Flashtux" for product "Weechat" and version "0.1.4" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.1.5 Search vendor "Flashtux" for product "Weechat" and version "0.1.5" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.1.6 Search vendor "Flashtux" for product "Weechat" and version "0.1.6" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.1.7 Search vendor "Flashtux" for product "Weechat" and version "0.1.7" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.1.8 Search vendor "Flashtux" for product "Weechat" and version "0.1.8" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.1.9 Search vendor "Flashtux" for product "Weechat" and version "0.1.9" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.2.0 Search vendor "Flashtux" for product "Weechat" and version "0.2.0" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.2.1 Search vendor "Flashtux" for product "Weechat" and version "0.2.1" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.2.2 Search vendor "Flashtux" for product "Weechat" and version "0.2.2" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.2.3 Search vendor "Flashtux" for product "Weechat" and version "0.2.3" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.2.4 Search vendor "Flashtux" for product "Weechat" and version "0.2.4" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.2.5 Search vendor "Flashtux" for product "Weechat" and version "0.2.5" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.2.6 Search vendor "Flashtux" for product "Weechat" and version "0.2.6" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.2.6.1 Search vendor "Flashtux" for product "Weechat" and version "0.2.6.1" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.2.6.2 Search vendor "Flashtux" for product "Weechat" and version "0.2.6.2" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.2.6.3 Search vendor "Flashtux" for product "Weechat" and version "0.2.6.3" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.3.0 Search vendor "Flashtux" for product "Weechat" and version "0.3.0" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.3.1 Search vendor "Flashtux" for product "Weechat" and version "0.3.1" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.3.1.1 Search vendor "Flashtux" for product "Weechat" and version "0.3.1.1" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.3.2 Search vendor "Flashtux" for product "Weechat" and version "0.3.2" | - |
Affected
| ||||||
| Flashtux Search vendor "Flashtux" | Weechat Search vendor "Flashtux" for product "Weechat" | 0.3.3 Search vendor "Flashtux" for product "Weechat" and version "0.3.3" | - |
Affected
| ||||||