{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-04-03T00:00:00", "descriptions": [{"lang": "en", "value": "Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20100412 Re: CVE request: irssi 0.8.15", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127110132019166&w=2"}, {"name": "[oss-security] 20100413 Re: CVE request: irssi 0.8.15", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127116251220784&w=2"}, {"name": "ADV-2010-0856", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0856"}, {"name": "ADV-2010-1110", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1110"}, {"name": "irssi-hostname-mitm(57790)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57790"}, {"name": "ADV-2010-1107", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1107"}, {"name": "ADV-2010-0987", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0987"}, {"name": "SUSE-SR:2010:011", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"}, {"name": "[oss-security] 20100413 Re: CVE request: irssi 0.8.15", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127119240204394&w=2"}, {"name": "39620", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39620"}, {"name": "39365", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39365"}, {"name": "USN-929-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-929-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://irssi.org/news"}, {"name": "[oss-security] 20100411 CVE request: irssi 0.8.15", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=127098845125270&w=2"}, {"name": "SSA:2010-116-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.497301"}, {"name": "FEDORA-2010-6629", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041054.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://github.com/ensc/irssi-proxy/commit/85bbc05b21678e80423815d2ef1dfe26208491ab"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://irssi.org/news/ChangeLog"}, {"name": "39797", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39797"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:14:06.324Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20100412 Re: CVE request: irssi 0.8.15", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127110132019166&w=2"}, {"name": "[oss-security] 20100413 Re: CVE request: irssi 0.8.15", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127116251220784&w=2"}, {"name": "ADV-2010-0856", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0856"}, {"name": "ADV-2010-1110", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1110"}, {"name": "irssi-hostname-mitm(57790)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57790"}, {"name": "ADV-2010-1107", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1107"}, {"name": "ADV-2010-0987", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0987"}, {"name": "SUSE-SR:2010:011", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"}, {"name": "[oss-security] 20100413 Re: CVE request: irssi 0.8.15", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127119240204394&w=2"}, {"name": "39620", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39620"}, {"name": "39365", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39365"}, {"name": "USN-929-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-929-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://irssi.org/news"}, {"name": "[oss-security] 20100411 CVE request: irssi 0.8.15", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=127098845125270&w=2"}, {"name": "SSA:2010-116-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.497301"}, {"name": "FEDORA-2010-6629", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041054.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://github.com/ensc/irssi-proxy/commit/85bbc05b21678e80423815d2ef1dfe26208491ab"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://irssi.org/news/ChangeLog"}, {"name": "39797", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39797"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-1155", "datePublished": "2010-04-16T19:00:00", "dateReserved": "2010-03-29T00:00:00", "dateUpdated": "2024-08-07T01:14:06.324Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:irssi:irssi:*:rc1:*:*:*:*:*:*", "matchCriteriaId": "B25DF08F-FC05-4EC0-BBA2-6575F312DD8B", "versionEndIncluding": "0.8.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "986E338F-D640-4874-9A5F-CEF1F9CE8ECD", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "FC7D751E-3083-489B-88D7-01316FA474DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "ABD04D75-0FB2-46A4-943F-C6D225E1EC9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "3D72FE63-DAE4-4297-88BA-190594604307", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC775325-9EA0-4E13-A03A-BD315E10C056", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "33D6B8D2-CAE3-4001-BF92-933417E43F6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "396BCD07-520E-4FE8-8F83-DDE8F4B2D036", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "1A1732D0-2E71-4FDE-B528-3A9B6BEAA9DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "573668C9-CFBC-4B8E-885F-F2C5533304F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "0631BD85-D548-417C-8977-2C3CF06DBEDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "356E844D-D076-4FC7-B6A0-AB0F1927B009", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.10:rc5:*:*:*:*:*:*", "matchCriteriaId": "6D607284-5737-47E9-9037-B62467E348BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.10:rc6:*:*:*:*:*:*", "matchCriteriaId": "52FD7686-E4CE-48D9-ABEE-5973CFF8333E", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.10:rc7:*:*:*:*:*:*", "matchCriteriaId": "85BDCC58-FC6E-432B-9E04-DCEF7527F3D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.10:rc8:*:*:*:*:*:*", "matchCriteriaId": "BC60C00F-7FE1-4115-B45D-F0916AC663C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "9AE96247-99B1-452F-B099-FC8C42E75051", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "90AE0D8E-FE84-4AE5-A070-10419E3FC850", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "DB9950D5-3B0F-4A97-9164-15E84A3EF2D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "79F1FACC-F8CC-4757-A39C-C8752BA32928", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "F0738365-71F2-4F99-BAD0-8427E9D2F922", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "1FFA993F-4826-4937-B51D-438CFF4E08EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "E94034DE-085E-4F8A-AC4C-ACD0FCF14C1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:irssi:irssi:0.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "60E31CBB-A71A-4C3B-95CF-D393ADC91FE1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate."}, {"lang": "es", "value": "Irssi anterior v0.8.15, cuando usa SSL, no verifica que el servidor de nombres coincide con un nombre de dominio en el campo \"subject\" del Common Name (CN) o en un campo Subject Alternative Name del certifiado X.509, lo que permite a atacantes man-in-the-middel falsificar servidores IRC a trav\u00e9s de un certificado de su elecci\u00f3n. \r\n"}], "id": "CVE-2010-1155", "lastModified": "2024-11-21T01:13:45.817", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-04-16T19:30:00.350", "references": [{"source": "secalert@redhat.com", "url": "http://github.com/ensc/irssi-proxy/commit/85bbc05b21678e80423815d2ef1dfe26208491ab"}, {"source": "secalert@redhat.com", "url": "http://irssi.org/news"}, {"source": "secalert@redhat.com", "url": "http://irssi.org/news/ChangeLog"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041054.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=127098845125270&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=127110132019166&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=127116251220784&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security&m=127119240204394&w=2"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39365"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/39620"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/39797"}, {"source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.497301"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-929-1"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0856"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/0987"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/1107"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/1110"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57790"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://github.com/ensc/irssi-proxy/commit/85bbc05b21678e80423815d2ef1dfe26208491ab"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://irssi.org/news"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://irssi.org/news/ChangeLog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041054.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127098845125270&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127110132019166&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127116251220784&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=127119240204394&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39365"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39620"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39797"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.497301"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-929-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0856"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0987"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1107"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1110"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57790"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}