VDB
CVE-2010-5076
CVE-2010-5076
PUBLISHED
CVSS 4.300000190734863 MEDIUM
QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
EPSS 0.58% · 69.4th percentile
Risk Scores
CVSS 2.0
4.300000190734863
EPSS Score
0.58%
69.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| qt | qt | 4.3.5, 4.1.0, 4.1.1 |
| digia | qt | 0 |
Exploit Intelligence
- http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0 (nist-nvd)
- http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt (circl)
- USN-1504-1 (circl)
- 49895 (circl)
- RHSA-2012:0880 (circl)
- 41236 (circl)
- http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e (circl)
- 49604 (circl)
- https://bugreports.qt-project.org/browse/QTBUG-4455 (circl)
Timeline
- Jun 29, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt url
- USN-1504-1 vendor-advisory
- 49895 third-party-advisory
- RHSA-2012:0880 vendor-advisory
- 41236 third-party-advisory
- http://qt.gitorious.org/qt/qt/commit/846f1b44eea4bb34d080d055badb40a4a13d369e url
- http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0 url
- 49604 third-party-advisory
- https://bugreports.qt-project.org/browse/QTBUG-4455 url
- https://nvd.nist.gov/vuln/detail/CVE-2010-5076 advisory