CVE-2010-5076 - Vulnerability Details

QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Digia	Qt
Qt	Qt
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:digia:qt::::::::
	cpe:2.3:a:qt:qt:4.0.0:::::::*
	cpe:2.3:a:qt:qt:4.0.1:::::::*
	cpe:2.3:a:qt:qt:4.1.0:::::::*
	cpe:2.3:a:qt:qt:4.1.1:::::::*
	cpe:2.3:a:qt:qt:4.1.2:::::::*
	cpe:2.3:a:qt:qt:4.1.3:::::::*
	cpe:2.3:a:qt:qt:4.1.4:::::::*
	cpe:2.3:a:qt:qt:4.1.5:::::::*
	cpe:2.3:a:qt:qt:4.2.0:::::::*
	cpe:2.3:a:qt:qt:4.2.1:::::::*
	cpe:2.3:a:qt:qt:4.2.3:::::::*
	cpe:2.3:a:qt:qt:4.3.0:::::::*
	cpe:2.3:a:qt:qt:4.3.1:::::::*
	cpe:2.3:a:qt:qt:4.3.2:::::::*
	cpe:2.3:a:qt:qt:4.3.3:::::::*
	cpe:2.3:a:qt:qt:4.3.4:::::::*
	cpe:2.3:a:qt:qt:4.3.5:::::::*
	cpe:2.3:a:qt:qt:4.4.0:::::::*
	cpe:2.3:a:qt:qt:4.4.1:::::::*
	cpe:2.3:a:qt:qt:4.4.2:::::::*
	cpe:2.3:a:qt:qt:4.4.3:::::::*
	cpe:2.3:a:qt:qt:4.5.0:::::::*
	cpe:2.3:a:qt:qt:4.5.1:::::::*
	cpe:2.3:a:qt:qt:4.5.2:::::::*
	cpe:2.3:a:qt:qt:4.5.3:::::::*
	cpe:2.3:a:qt:qt:4.6.0:::::::*
	cpe:2.3:a:qt:qt:4.6.0:rc1::::::
	cpe:2.3:a:qt:qt:4.6.1:::::::*
	cpe:2.3:a:qt:qt:4.6.2:::::::*
	cpe:2.3:a:qt:qt:4.6.3:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
qt-1:4.6.2-24.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2012:0880	2012-06-19T00:00:00Z

References

Link	Providers
http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0
http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e
http://rhn.redhat.com/errata/RHSA-2012-0880.html
http://secunia.com/advisories/41236
http://secunia.com/advisories/49604
http://secunia.com/advisories/49895
http://www.ubuntu.com/usn/USN-1504-1
http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt
https://bugreports.qt-project.org/browse/QTBUG-4455
https://nvd.nist.gov/vuln/detail/CVE-2010-5076
https://www.cve.org/CVERecord?id=CVE-2010-5076

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-06-29T19:00:00

Updated: 2024-08-07T04:09:38.930Z

Reserved: 2011-12-19T00:00:00

Link: CVE-2010-5076

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-06-29T19:55:01.563

Modified: 2024-11-21T01:22:27.087

Link: CVE-2010-5076

Redhat

Severity : Low

Publid Date: 2010-07-14T00:00:00Z

Links: CVE-2010-5076 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object