CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2010-4237

Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.4%

CVSS Severity

CVSS v3 Score 5.9

CVSS v2 Score 4.3

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598841
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4237
https://bz.mercurial-scm.org/show_bug.cgi?id=2407
https://security-tracker.debian.org/tracker/CVE-2010-4237
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598841
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4237
https://bz.mercurial-scm.org/show_bug.cgi?id=2407
https://security-tracker.debian.org/tracker/CVE-2010-4237

Products affected by CVE-2010-4237

Mercurial » Mercurial » Version: 1.6.0

cpe:2.3:a:mercurial:mercurial:1.6.0
Mercurial » Mercurial » Version: 1.6.1

cpe:2.3:a:mercurial:mercurial:1.6.1
Mercurial » Mercurial » Version: 1.6.2

cpe:2.3:a:mercurial:mercurial:1.6.2
Mercurial » Mercurial » Version: 1.6.3

cpe:2.3:a:mercurial:mercurial:1.6.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-4237

Products

Pricing

Contact Us