CVE-2011-3365

The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

Details Source

Mitre

Public Date

2011-10-03 00:00:00

Impact

Moderate

Bugzilla

CVE-2011-3365 kdelibs: input validation failure in KSSL

Bugzilla ID

743054

CVSS Status

verified

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:N/I:P/A:N

Red Hat Security Errata

Platform                                   Errata          Release Date
Red Hat Enterprise Linux 6 (kdelibs)       RHSA-2011:1364  2011-10-11
Red Hat Enterprise Linux 4 (kdelibs)       RHSA-2011:1385  2011-10-19
Red Hat Enterprise Linux 5 (kdelibs)       RHSA-2011:1385  2011-10-19
Red Hat Enterprise Linux 6 (kdelibs3)      RHSA-2011:1385  2011-10-19

CWE

CWE-20