{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-03-16T22:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://savannah.nongnu.org/patch/index.php?7459"}, {"name": "46612", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46612"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91"}, {"name": "20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"}, {"name": "43543", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43543"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1428", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://savannah.nongnu.org/patch/index.php?7459", "refsource": "CONFIRM", "url": "http://savannah.nongnu.org/patch/index.php?7459"}, {"name": "46612", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46612"}, {"name": "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commit;h=c265cad1c95b84abfd4e8d861f25926ef13b5d91", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commit;h=c265cad1c95b84abfd4e8d861f25926ef13b5d91"}, {"name": "20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"}, {"name": "43543", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43543"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:28:40.998Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://savannah.nongnu.org/patch/index.php?7459"}, {"name": "46612", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/46612"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91"}, {"name": "20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"}, {"name": "43543", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43543"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1428", "datePublished": "2011-03-16T22:00:00.000Z", "dateReserved": "2011-03-16T00:00:00.000Z", "dateUpdated": "2024-09-17T02:16:44.046Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flashtux:weechat:*:*:*:*:*:*:*:*", "matchCriteriaId": "466274E7-1A00-43E0-858D-E7502284C211", "versionEndIncluding": "0.3.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "385CCD88-6D19-4E74-A92F-351DA7649DAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3FBC99DC-E5E3-414E-BA7A-EAA25B13BB66", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "077DDF91-4669-404E-A603-475FACF461B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "93F23AEF-4A8E-492E-8EA4-365F21BDFD03", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "19A374A8-5108-42D9-90BB-52DEE3B21CA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "62AB2B6A-60B2-4F59-9B42-2143802328BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "15051829-382B-4495-B948-819A0FA427D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "37EA6810-410A-4E61-AB2D-E8281EBF6539", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "A0FB8EDF-52C0-4FC9-B426-76A64A0FE4E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "04B2834C-56E7-4645-87FE-48BFEC371D2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FF61EC94-F246-4409-90F3-EE7DFC69CAF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "550E6F5F-9097-4363-9070-570FD93C87D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CBC981A4-46CB-406F-863B-5536A8D5CB56", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "B73D8DC4-6DDF-46D3-9545-CE7B247434D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AEF20591-A0B3-4016-B5F2-1D4B545611A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "4547261E-1696-4AE4-BCFB-9BCE5FD25695", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4A1EDE38-742B-42CA-AADD-90619ACA0548", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "7009800C-1C58-47C7-B39E-1AE4D490AB75", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "8DD0016E-DFBB-4266-BAD1-C6AC3BBA6240", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "260A912C-8415-40AC-B3CA-88CAD52D999B", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "74466A06-6DAC-484E-B087-0D0EDCF05B46", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "775BB9BF-C722-40C0-94C5-54E3E2F70EBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E32350E-BA84-405B-828E-587242F65D21", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "7F9DC6B2-477E-41A8-801A-B2D1FD9C74A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ABB52B-A18E-4FEF-9D45-F03AE9A2C822", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DC44B684-89A2-4A6E-8BC1-98C3C7B6A0FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD6E122F-B037-4969-A8B6-727FC137057F", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD9130CC-BB1D-4523-AE17-81FA7304D1F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4BFD5C8D-A60C-41A4-A960-B1FDDC9ADA66", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E5C3F77-0B77-4270-A82B-185CE85B4D2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0E3319D-909D-4334-96C6-67656A228C7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3B74FE7-45EF-416A-8606-61FC0F05E76E", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8FE21E59-3A2C-40A4-AE97-3EB2F8A2A509", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2E27C97-37BE-4BA3-9BCD-900D8DC44F58", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API."}, {"lang": "es", "value": "Wee Enhanced Environment para Chat (tambi\u00e9n conocido como WeeChat) v0.3.4 y anteriores no comprueban de forma correcta que el nombre del servidor coincide con el nombre de dominio del campo subject de un certificado X.509, que permite a los atacantes \"man-in-the-middle\" falsificar un servidor de chat SSL a trav\u00e9s de un certificado de su elecci\u00f3n, relacionado con el uso incorrecto de la API GnuTLS."}], "id": "CVE-2011-1428", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-03-16T22:55:04.700", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"}, {"source": "cve@mitre.org", "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://savannah.nongnu.org/patch/index.php?7459"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43543"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/46612"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://savannah.nongnu.org/patch/index.php?7459"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43543"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46612"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}