Vulnerability Details CVE-2011-3365
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.3%
CVSS Severity
CVSS v2 Score 4.3
References
- http://www.kde.org/info/security/advisory-20111003-1.txt
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:162
- http://www.redhat.com/support/errata/RHSA-2011-1364.html
- http://www.redhat.com/support/errata/RHSA-2011-1385.html
- https://bugzilla.redhat.com/show_bug.cgi?id=743054
- http://www.kde.org/info/security/advisory-20111003-1.txt
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:162
- http://www.redhat.com/support/errata/RHSA-2011-1364.html
- http://www.redhat.com/support/errata/RHSA-2011-1385.html
- https://bugzilla.redhat.com/show_bug.cgi?id=743054
Products affected by CVE-2011-3365
-
cpe:2.3:a:kde:kde_sc:4.6.0
-
cpe:2.3:a:kde:kde_sc:4.6.1
-
cpe:2.3:a:kde:kde_sc:4.6.2
-
cpe:2.3:a:kde:kde_sc:4.6.3
-
cpe:2.3:a:kde:kde_sc:4.6.4
-
cpe:2.3:a:kde:kde_sc:4.6.5
-
cpe:2.3:a:kde:kde_sc:4.7.0
-
cpe:2.3:a:kde:kde_sc:4.7.1