CVE-2010-3900 - Vulnerability Details - OpenCVE

Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Christian Dywan	Midori

Configuration 1 [-]

OR	cpe:2.3:a:christian_dywan:midori::::::::
	cpe:2.3:a:christian_dywan:midori:0.1.10:::::::*
	cpe:2.3:a:christian_dywan:midori:0.2.0:::::::*
	cpe:2.3:a:christian_dywan:midori:0.2.1:::::::*
	cpe:2.3:a:christian_dywan:midori:0.2.2:::::::*
	cpe:2.3:a:christian_dywan:midori:0.2.3:::::::*

No data.

References

Link	Providers
http://git.xfce.org/apps/midori/tree/ChangeLog
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/43068
http://www.omgubuntu.co.uk/2010/05/midori-0-2-5-released/
http://www.openwall.com/lists/oss-security/2010/09/17/6
http://www.twotoasts.de/bugs/index.php?do=details&task_id=168
http://www.twotoasts.de/bugs/index.php?do=details&task_id=743
http://www.twotoasts.de/index.php?/archives/30-Validation%2C-vending-and-Vala.html
http://www.vupen.com/english/advisories/2011/0212

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-10-12T21:00:00

Updated: 2024-08-07T03:26:11.995Z

Reserved: 2010-10-12T00:00:00

Link: CVE-2010-3900

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-10-14T05:58:42.863

Modified: 2024-11-21T01:19:51.680

Link: CVE-2010-3900

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-02-17T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "43068", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43068"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.twotoasts.de/bugs/index.php?do=details&task_id=168"}, {"name": "ADV-2011-0212", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0212"}, {"tags": ["x_refsource_MISC"], "url": "http://www.omgubuntu.co.uk/2010/05/midori-0-2-5-released/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.xfce.org/apps/midori/tree/ChangeLog"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.twotoasts.de/index.php?/archives/30-Validation%2C-vending-and-Vala.html"}, {"name": "SUSE-SR:2011:002", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"name": "[oss-security] 20100917 Re: CVE request: epiphany not checking ssl certs", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/09/17/6"}, {"tags": ["x_refsource_MISC"], "url": "http://www.twotoasts.de/bugs/index.php?do=details&task_id=743"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3900", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "43068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43068"}, {"name": "http://www.twotoasts.de/bugs/index.php?do=details&task_id=168", "refsource": "CONFIRM", "url": "http://www.twotoasts.de/bugs/index.php?do=details&task_id=168"}, {"name": "ADV-2011-0212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0212"}, {"name": "http://www.omgubuntu.co.uk/2010/05/midori-0-2-5-released/", "refsource": "MISC", "url": "http://www.omgubuntu.co.uk/2010/05/midori-0-2-5-released/"}, {"name": "http://git.xfce.org/apps/midori/tree/ChangeLog", "refsource": "CONFIRM", "url": "http://git.xfce.org/apps/midori/tree/ChangeLog"}, {"name": "http://www.twotoasts.de/index.php?/archives/30-Validation,-vending-and-Vala.html", "refsource": "CONFIRM", "url": "http://www.twotoasts.de/index.php?/archives/30-Validation,-vending-and-Vala.html"}, {"name": "SUSE-SR:2011:002", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"name": "[oss-security] 20100917 Re: CVE request: epiphany not checking ssl certs", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/09/17/6"}, {"name": "http://www.twotoasts.de/bugs/index.php?do=details&task_id=743", "refsource": "MISC", "url": "http://www.twotoasts.de/bugs/index.php?do=details&task_id=743"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:26:11.995Z"}, "title": "CVE Program Container", "references": [{"name": "43068", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43068"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.twotoasts.de/bugs/index.php?do=details&task_id=168"}, {"name": "ADV-2011-0212", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0212"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.omgubuntu.co.uk/2010/05/midori-0-2-5-released/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.xfce.org/apps/midori/tree/ChangeLog"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.twotoasts.de/index.php?/archives/30-Validation%2C-vending-and-Vala.html"}, {"name": "SUSE-SR:2011:002", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"name": "[oss-security] 20100917 Re: CVE request: epiphany not checking ssl certs", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/09/17/6"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.twotoasts.de/bugs/index.php?do=details&task_id=743"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3900", "datePublished": "2010-10-12T21:00:00", "dateReserved": "2010-10-12T00:00:00", "dateUpdated": "2024-08-07T03:26:11.995Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:christian_dywan:midori:*:*:*:*:*:*:*:*", "matchCriteriaId": "256EDAD3-20D8-4EEA-AB43-63C22313F24B", "versionEndIncluding": "0.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:christian_dywan:midori:0.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "6D5DE4C8-F98C-473B-BC0B-C042C08498D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:christian_dywan:midori:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE0131CF-AE4A-45C7-BC4A-34D363E30543", "vulnerable": true}, {"criteria": "cpe:2.3:a:christian_dywan:midori:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FCC7505-E17F-46E6-9BF4-38AC39C51E49", "vulnerable": true}, {"criteria": "cpe:2.3:a:christian_dywan:midori:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "358FB79F-5A9C-48BA-A305-0BF717A8104C", "vulnerable": true}, {"criteria": "cpe:2.3:a:christian_dywan:midori:0.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "26D6380B-62A9-45C1-981C-4D601A343E35", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312."}, {"lang": "es", "value": "Midori anterior v0.2.5, cuando WebKitGTK+ anterior v1.1.14 o LibSoup anterior v2.29.91 se usa, no verifica los certificados 11 X.509, lo que permite a atacantes \"man-in-the-middle\" manipular sitios web https de su elecci\u00f3n a trav\u00e9s de certificados de servidor manipulados, tema relacionado con CVE-2010-3312."}], "id": "CVE-2010-3900", "lastModified": "2024-11-21T01:19:51.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-10-14T05:58:42.863", "references": [{"source": "cve@mitre.org", "url": "http://git.xfce.org/apps/midori/tree/ChangeLog"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/43068"}, {"source": "cve@mitre.org", "url": "http://www.omgubuntu.co.uk/2010/05/midori-0-2-5-released/"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2010/09/17/6"}, {"source": "cve@mitre.org", "url": "http://www.twotoasts.de/bugs/index.php?do=details&task_id=168"}, {"source": "cve@mitre.org", "url": "http://www.twotoasts.de/bugs/index.php?do=details&task_id=743"}, {"source": "cve@mitre.org", "url": "http://www.twotoasts.de/index.php?/archives/30-Validation%2C-vending-and-Vala.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0212"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.xfce.org/apps/midori/tree/ChangeLog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43068"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.omgubuntu.co.uk/2010/05/midori-0-2-5-released/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/09/17/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.twotoasts.de/bugs/index.php?do=details&task_id=168"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.twotoasts.de/bugs/index.php?do=details&task_id=743"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.twotoasts.de/index.php?/archives/30-Validation%2C-vending-and-Vala.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0212"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}