CVE-2010-2074
PUBLISHED
CVSS 6.8 MEDIUM
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
EPSS 1.84% · 83.3th percentile
Risk Scores
CVSS 2.0
6.8
EPSS Score
1.84%
83.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| w3m | w3m | 0.5.2 |
Exploit Intelligence
- [oss-security] 20100614 CVE Request: w3m does not check null bytes CN/subjAltName (circl)
- 40134 (circl)
- 65538 (circl)
- 1024252 (circl)
- ADV-2010-1467 (circl)
- ADV-2010-1879 (circl)
- ADV-2010-1928 (circl)
- SUSE-SR:2010:014 (circl)
- RHSA-2010:0565 (circl)
- 40837 (circl)
Timeline
- Jun 16, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 17, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 13, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- [oss-security] 20100614 CVE Request: w3m does not check null bytes CN/subjAltName mailing-list
- 40134 third-party-advisory
- 65538 vdb
- 1024252 vdb
- ADV-2010-1467 vdb
- ADV-2010-1879 vdb
- ADV-2010-1928 vdb
- SUSE-SR:2010:014 vendor-advisory
- RHSA-2010:0565 vendor-advisory
- 40837 vdb
- 40733 third-party-advisory
- FEDORA-2010-10369 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2010-2074 advisory