Vulnerability Details CVE-2007-6746
telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.3%
CVSS Severity
CVSS v2 Score 5.8
Products affected by CVE-2007-6746
-
cpe:2.3:a:canonical:telepathy-idle:0.1.10.1
-
cpe:2.3:a:canonical:telepathy-idle:0.1.11.1
-
cpe:2.3:a:canonical:telepathy-idle:0.1.11.2
-
cpe:2.3:a:canonical:telepathy-idle:0.1.12.1
-
cpe:2.3:a:canonical:telepathy-idle:0.1.14
-
cpe:2.3:a:canonical:telepathy-idle:0.1.14.1
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:12.10
-
cpe:2.3:o:canonical:ubuntu_linux:13.04