Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2011-1094

kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.3%
CVSS Severity
CVSS v2 Score 4.3
References
Products affected by CVE-2011-1094
  • Redhat » Kdelibs » Version: N/A
    cpe:2.3:a:redhat:kdelibs:-
  • Redhat » Kdelibs » Version: 2.1.1-5
    cpe:2.3:a:redhat:kdelibs:2.1.1-5
  • Redhat » Kdelibs » Version: 2.2-11
    cpe:2.3:a:redhat:kdelibs:2.2-11
  • Redhat » Kdelibs » Version: 3.0.0-10
    cpe:2.3:a:redhat:kdelibs:3.0.0-10
  • Redhat » Kdelibs » Version: 3.1-10
    cpe:2.3:a:redhat:kdelibs:3.1-10
  • Redhat » Kdelibs » Version: 3.5.10
    cpe:2.3:a:redhat:kdelibs:3.5.10
  • Redhat » Kdelibs » Version: 3.5.2
    cpe:2.3:a:redhat:kdelibs:3.5.2
  • Redhat » Kdelibs » Version: 3.5.9
    cpe:2.3:a:redhat:kdelibs:3.5.9


Contact Us

Shodan ® - All rights reserved