2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2011-1428" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2011-03-16T22:55:04.700" ,
2023-11-07 21:03:21 +00:00
"lastModified" : "2023-11-07T02:07:01.193" ,
"vulnStatus" : "Modified" ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API."
} ,
{
"lang" : "es" ,
"value" : "Wee Enhanced Environment para Chat (tambi\u00e9n conocido como WeeChat) v0.3.4 y anteriores no comprueban de forma correcta que el nombre del servidor coincide con el nombre de dominio del campo subject de un certificado X.509, que permite a los atacantes \"man-in-the-middle\" falsificar un servidor de chat SSL a trav\u00e9s de un certificado de su elecci\u00f3n, relacionado con el uso incorrecto de la API GnuTLS."
}
] ,
"metrics" : {
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N" ,
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "PARTIAL" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 5.8
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 8.6 ,
"impactScore" : 4.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : true
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-20"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "0.3.4" ,
"matchCriteriaId" : "466274E7-1A00-43E0-858D-E7502284C211"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.0.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "385CCD88-6D19-4E74-A92F-351DA7649DAC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.0.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3FBC99DC-E5E3-414E-BA7A-EAA25B13BB66"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.0.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "077DDF91-4669-404E-A603-475FACF461B1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.0.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "93F23AEF-4A8E-492E-8EA4-365F21BDFD03"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.0.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "19A374A8-5108-42D9-90BB-52DEE3B21CA4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.0.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "62AB2B6A-60B2-4F59-9B42-2143802328BC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.0.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "15051829-382B-4495-B948-819A0FA427D1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.0.8:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "37EA6810-410A-4E61-AB2D-E8281EBF6539"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.0.9:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A0FB8EDF-52C0-4FC9-B426-76A64A0FE4E2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "04B2834C-56E7-4645-87FE-48BFEC371D2A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.1.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FF61EC94-F246-4409-90F3-EE7DFC69CAF4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.1.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "550E6F5F-9097-4363-9070-570FD93C87D9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.1.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CBC981A4-46CB-406F-863B-5536A8D5CB56"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.1.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B73D8DC4-6DDF-46D3-9545-CE7B247434D7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.1.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AEF20591-A0B3-4016-B5F2-1D4B545611A8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.1.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4547261E-1696-4AE4-BCFB-9BCE5FD25695"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.1.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4A1EDE38-742B-42CA-AADD-90619ACA0548"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.1.8:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7009800C-1C58-47C7-B39E-1AE4D490AB75"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.1.9:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8DD0016E-DFBB-4266-BAD1-C6AC3BBA6240"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "260A912C-8415-40AC-B3CA-88CAD52D999B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.2.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "74466A06-6DAC-484E-B087-0D0EDCF05B46"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.2.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "775BB9BF-C722-40C0-94C5-54E3E2F70EBC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.2.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6E32350E-BA84-405B-828E-587242F65D21"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.2.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7F9DC6B2-477E-41A8-801A-B2D1FD9C74A8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.2.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D6ABB52B-A18E-4FEF-9D45-F03AE9A2C822"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.2.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DC44B684-89A2-4A6E-8BC1-98C3C7B6A0FA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.2.6.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AD6E122F-B037-4969-A8B6-727FC137057F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.2.6.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FD9130CC-BB1D-4523-AE17-81FA7304D1F2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.2.6.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4BFD5C8D-A60C-41A4-A960-B1FDDC9ADA66"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.3.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7E5C3F77-0B77-4270-A82B-185CE85B4D2C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.3.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F0E3319D-909D-4334-96C6-67656A228C7F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.3.1.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D3B74FE7-45EF-416A-8606-61FC0F05E76E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.3.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8FE21E59-3A2C-40A4-AE97-3EB2F8A2A509"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:flashtux:weechat:0.3.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F2E27C97-37BE-4BA3-9BCD-900D8DC44F58"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Exploit"
]
} ,
{
2023-11-07 21:03:21 +00:00
"url" : "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://savannah.nongnu.org/patch/index.php?7459" ,
2023-04-24 12:24:31 +02:00
"source" : "cve@mitre.org" ,
"tags" : [
2023-11-07 21:03:21 +00:00
"Exploit" ,
2023-04-24 12:24:31 +02:00
"Patch"
]
} ,
{
2023-11-07 21:03:21 +00:00
"url" : "http://secunia.com/advisories/43543" ,
2023-04-24 12:24:31 +02:00
"source" : "cve@mitre.org" ,
"tags" : [
2023-11-07 21:03:21 +00:00
"Vendor Advisory"
2023-04-24 12:24:31 +02:00
]
} ,
{
"url" : "http://www.securityfocus.com/bid/46612" ,
"source" : "cve@mitre.org"
}
]
}
