CVE-2011-1428 - Vulnerability Details

Vendors	Products
Flashtux	Weechat

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html
http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91
http://savannah.nongnu.org/patch/index.php?7459
http://secunia.com/advisories/43543
http://www.securityfocus.com/bid/46612

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-03-16T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://savannah.nongnu.org/patch/index.php?7459"}, {"name": "46612", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46612"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91"}, {"name": "20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"}, {"name": "43543", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43543"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1428", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://savannah.nongnu.org/patch/index.php?7459", "refsource": "CONFIRM", "url": "http://savannah.nongnu.org/patch/index.php?7459"}, {"name": "46612", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46612"}, {"name": "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commit;h=c265cad1c95b84abfd4e8d861f25926ef13b5d91", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commit;h=c265cad1c95b84abfd4e8d861f25926ef13b5d91"}, {"name": "20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"}, {"name": "43543", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43543"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:28:40.998Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://savannah.nongnu.org/patch/index.php?7459"}, {"name": "46612", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/46612"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91"}, {"name": "20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"}, {"name": "43543", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43543"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1428", "datePublished": "2011-03-16T22:00:00Z", "dateReserved": "2011-03-16T00:00:00Z", "dateUpdated": "2024-09-17T02:16:44.046Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2011-03-16T22:00:00Z (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://savannah.nongnu.org/patch/index.php?7459 (string)

}

1 : { »

name : 46612 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/46612 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91 (string)

}

3 : { »

name : 20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

]

url : http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html (string)

}

4 : { »

name : 43543 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/43543 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2011-1428 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://savannah.nongnu.org/patch/index.php?7459 (string)

refsource : CONFIRM (string)

url : http://savannah.nongnu.org/patch/index.php?7459 (string)

}

1 : { »

name : 46612 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/46612 (string)

}

2 : { »

name : http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commit;h=c265cad1c95b84abfd4e8d861f25926ef13b5d91 (string)

refsource : CONFIRM (string)

url : http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commit;h=c265cad1c95b84abfd4e8d861f25926ef13b5d91 (string)

}

3 : { »

name : 20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification (string)

refsource : FULLDISC (string)

url : http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html (string)

}

4 : { »

name : 43543 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/43543 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T22:28:40.998Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://savannah.nongnu.org/patch/index.php?7459 (string)

}

1 : { »

name : 46612 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/46612 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91 (string)

}

3 : { »

name : 20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

2 : x_transferred (string)

]

url : http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html (string)

}

4 : { »

name : 43543 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/43543 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2011-1428 (string)

datePublished : 2011-03-16T22:00:00Z (string)

dateReserved : 2011-03-16T00:00:00Z (string)

dateUpdated : 2024-09-17T02:16:44.046Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flashtux:weechat:*:*:*:*:*:*:*:*", "matchCriteriaId": "466274E7-1A00-43E0-858D-E7502284C211", "versionEndIncluding": "0.3.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "385CCD88-6D19-4E74-A92F-351DA7649DAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3FBC99DC-E5E3-414E-BA7A-EAA25B13BB66", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "077DDF91-4669-404E-A603-475FACF461B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "93F23AEF-4A8E-492E-8EA4-365F21BDFD03", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "19A374A8-5108-42D9-90BB-52DEE3B21CA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "62AB2B6A-60B2-4F59-9B42-2143802328BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "15051829-382B-4495-B948-819A0FA427D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "37EA6810-410A-4E61-AB2D-E8281EBF6539", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "A0FB8EDF-52C0-4FC9-B426-76A64A0FE4E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "04B2834C-56E7-4645-87FE-48BFEC371D2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FF61EC94-F246-4409-90F3-EE7DFC69CAF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "550E6F5F-9097-4363-9070-570FD93C87D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CBC981A4-46CB-406F-863B-5536A8D5CB56", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "B73D8DC4-6DDF-46D3-9545-CE7B247434D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AEF20591-A0B3-4016-B5F2-1D4B545611A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "4547261E-1696-4AE4-BCFB-9BCE5FD25695", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "4A1EDE38-742B-42CA-AADD-90619ACA0548", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "7009800C-1C58-47C7-B39E-1AE4D490AB75", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "8DD0016E-DFBB-4266-BAD1-C6AC3BBA6240", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "260A912C-8415-40AC-B3CA-88CAD52D999B", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "74466A06-6DAC-484E-B087-0D0EDCF05B46", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "775BB9BF-C722-40C0-94C5-54E3E2F70EBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6E32350E-BA84-405B-828E-587242F65D21", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "7F9DC6B2-477E-41A8-801A-B2D1FD9C74A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "D6ABB52B-A18E-4FEF-9D45-F03AE9A2C822", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DC44B684-89A2-4A6E-8BC1-98C3C7B6A0FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD6E122F-B037-4969-A8B6-727FC137057F", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD9130CC-BB1D-4523-AE17-81FA7304D1F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4BFD5C8D-A60C-41A4-A960-B1FDDC9ADA66", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E5C3F77-0B77-4270-A82B-185CE85B4D2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0E3319D-909D-4334-96C6-67656A228C7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3B74FE7-45EF-416A-8606-61FC0F05E76E", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8FE21E59-3A2C-40A4-AE97-3EB2F8A2A509", "vulnerable": true}, {"criteria": "cpe:2.3:a:flashtux:weechat:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2E27C97-37BE-4BA3-9BCD-900D8DC44F58", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API."}, {"lang": "es", "value": "Wee Enhanced Environment para Chat (tambi\u00e9n conocido como WeeChat) v0.3.4 y anteriores no comprueban de forma correcta que el nombre del servidor coincide con el nombre de dominio del campo subject de un certificado X.509, que permite a los atacantes \"man-in-the-middle\" falsificar un servidor de chat SSL a trav\u00e9s de un certificado de su elecci\u00f3n, relacionado con el uso incorrecto de la API GnuTLS."}], "id": "CVE-2011-1428", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-03-16T22:55:04.700", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"}, {"source": "cve@mitre.org", "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://savannah.nongnu.org/patch/index.php?7459"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43543"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/46612"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://savannah.nongnu.org/patch/index.php?7459"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43543"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46612"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:flashtux:weechat:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 466274E7-1A00-43E0-858D-E7502284C211 (string)

versionEndIncluding : 0.3.4 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 385CCD88-6D19-4E74-A92F-351DA7649DAC (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 3FBC99DC-E5E3-414E-BA7A-EAA25B13BB66 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.0.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 077DDF91-4669-404E-A603-475FACF461B1 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.0.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 93F23AEF-4A8E-492E-8EA4-365F21BDFD03 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.0.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 19A374A8-5108-42D9-90BB-52DEE3B21CA4 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.0.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 62AB2B6A-60B2-4F59-9B42-2143802328BC (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.0.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 15051829-382B-4495-B948-819A0FA427D1 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.0.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 37EA6810-410A-4E61-AB2D-E8281EBF6539 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.0.9:*:*:*:*:*:*:* (string)

matchCriteriaId : A0FB8EDF-52C0-4FC9-B426-76A64A0FE4E2 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 04B2834C-56E7-4645-87FE-48BFEC371D2A (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : FF61EC94-F246-4409-90F3-EE7DFC69CAF4 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 550E6F5F-9097-4363-9070-570FD93C87D9 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : CBC981A4-46CB-406F-863B-5536A8D5CB56 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : B73D8DC4-6DDF-46D3-9545-CE7B247434D7 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.1.5:*:*:*:*:*:*:* (string)

matchCriteriaId : AEF20591-A0B3-4016-B5F2-1D4B545611A8 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.1.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 4547261E-1696-4AE4-BCFB-9BCE5FD25695 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.1.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 4A1EDE38-742B-42CA-AADD-90619ACA0548 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.1.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 7009800C-1C58-47C7-B39E-1AE4D490AB75 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.1.9:*:*:*:*:*:*:* (string)

matchCriteriaId : 8DD0016E-DFBB-4266-BAD1-C6AC3BBA6240 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 260A912C-8415-40AC-B3CA-88CAD52D999B (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 74466A06-6DAC-484E-B087-0D0EDCF05B46 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 775BB9BF-C722-40C0-94C5-54E3E2F70EBC (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 6E32350E-BA84-405B-828E-587242F65D21 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.2.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 7F9DC6B2-477E-41A8-801A-B2D1FD9C74A8 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.2.5:*:*:*:*:*:*:* (string)

matchCriteriaId : D6ABB52B-A18E-4FEF-9D45-F03AE9A2C822 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.2.6:*:*:*:*:*:*:* (string)

matchCriteriaId : DC44B684-89A2-4A6E-8BC1-98C3C7B6A0FA (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.2.6.1:*:*:*:*:*:*:* (string)

matchCriteriaId : AD6E122F-B037-4969-A8B6-727FC137057F (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.2.6.2:*:*:*:*:*:*:* (string)

matchCriteriaId : FD9130CC-BB1D-4523-AE17-81FA7304D1F2 (string)

vulnerable : true (boolean)

}

29 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.2.6.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 4BFD5C8D-A60C-41A4-A960-B1FDDC9ADA66 (string)

vulnerable : true (boolean)

}

30 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 7E5C3F77-0B77-4270-A82B-185CE85B4D2C (string)

vulnerable : true (boolean)

}

31 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : F0E3319D-909D-4334-96C6-67656A228C7F (string)

vulnerable : true (boolean)

}

32 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.3.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : D3B74FE7-45EF-416A-8606-61FC0F05E76E (string)

vulnerable : true (boolean)

}

33 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 8FE21E59-3A2C-40A4-AE97-3EB2F8A2A509 (string)

vulnerable : true (boolean)

}

34 : { »

criteria : cpe:2.3:a:flashtux:weechat:0.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : F2E27C97-37BE-4BA3-9BCD-900D8DC44F58 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API. (string)

}

1 : { »

lang : es (string)

value : Wee Enhanced Environment para Chat (también conocido como WeeChat) v0.3.4 y anteriores no comprueban de forma correcta que el nombre del servidor coincide con el nombre de dominio del campo subject de un certificado X.509, que permite a los atacantes "man-in-the-middle" falsificar un servidor de chat SSL a través de un certificado de su elección, relacionado con el uso incorrecto de la API GnuTLS. (string)

}

]

id : CVE-2011-1428 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 4.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

}

published : 2011-03-16T22:55:04.700 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

]

url : http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91 (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : http://savannah.nongnu.org/patch/index.php?7459 (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/43543 (string)

}

4 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/bid/46612 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

]

url : http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : http://savannah.nongnu.org/patch/index.php?7459 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/43543 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/46612 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object