CVE-2010-3900

Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://git.xfce.org/apps/midori/tree/ChangeLog
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/43068
http://www.omgubuntu.co.uk/2010/05/midori-0-2-5-released/
http://www.openwall.com/lists/oss-security/2010/09/17/6
http://www.twotoasts.de/bugs/index.php?do=details&task_id=168
http://www.twotoasts.de/bugs/index.php?do=details&task_id=743
http://www.twotoasts.de/index.php?/archives/30-Validation%2C-vending-and-Vala.html
http://www.vupen.com/english/advisories/2011/0212
http://git.xfce.org/apps/midori/tree/ChangeLog
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/43068
http://www.omgubuntu.co.uk/2010/05/midori-0-2-5-released/
http://www.openwall.com/lists/oss-security/2010/09/17/6
http://www.twotoasts.de/bugs/index.php?do=details&task_id=168
http://www.twotoasts.de/bugs/index.php?do=details&task_id=743
http://www.twotoasts.de/index.php?/archives/30-Validation%2C-vending-and-Vala.html
http://www.vupen.com/english/advisories/2011/0212

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:christian_dywan:midori::::::::
	cpe:2.3:a:christian_dywan:midori:0.1.10:::::::*
	cpe:2.3:a:christian_dywan:midori:0.2.0:::::::*
	cpe:2.3:a:christian_dywan:midori:0.2.1:::::::*
	cpe:2.3:a:christian_dywan:midori:0.2.2:::::::*
	cpe:2.3:a:christian_dywan:midori:0.2.3:::::::*

History

21 Nov 2024, 01:19

Type	Values Removed	Values Added
References	~~() http://git.xfce.org/apps/midori/tree/ChangeLog -~~	() http://git.xfce.org/apps/midori/tree/ChangeLog -
References	~~() http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html -
References	~~() http://secunia.com/advisories/43068 -~~	() http://secunia.com/advisories/43068 -
References	~~() http://www.omgubuntu.co.uk/2010/05/midori-0-2-5-released/ -~~	() http://www.omgubuntu.co.uk/2010/05/midori-0-2-5-released/ -
References	~~() http://www.openwall.com/lists/oss-security/2010/09/17/6 -~~	() http://www.openwall.com/lists/oss-security/2010/09/17/6 -
References	~~() http://www.twotoasts.de/bugs/index.php?do=details&task_id=168 -~~	() http://www.twotoasts.de/bugs/index.php?do=details&task_id=168 -
References	~~() http://www.twotoasts.de/bugs/index.php?do=details&task_id=743 -~~	() http://www.twotoasts.de/bugs/index.php?do=details&task_id=743 -
References	~~() http://www.twotoasts.de/index.php?/archives/30-Validation%2C-vending-and-Vala.html -~~	() http://www.twotoasts.de/index.php?/archives/30-Validation%2C-vending-and-Vala.html -
References	~~() http://www.vupen.com/english/advisories/2011/0212 -~~	() http://www.vupen.com/english/advisories/2011/0212 -

Information

Published : 2010-10-14 05:58

Updated : 2025-04-11 00:51

NVD link : CVE-2010-3900

Mitre link : CVE-2010-3900

CVE.ORG link : CVE-2010-3900

JSON object : View

Products Affected

christian_dywan

midori

CWE

NVD-CWE-Other

5.8 /10