Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
KDE KSSL NULL Character CA SSL证书验证安全绕过漏洞
Vulnerability Description
kdelibs 3.5.4,4.2.4和4.3版本中的KDE KSSL没有正确的处理X.509证书的Subject Alternative Name字段的域名中的一个'\0'字符,这使得中间人攻击者可以借助一个特制的由合法的鉴定权威颁布的证书,欺骗任意的SSL服务商。该漏洞与CVE-2009-2408有关。
CVSS Information
N/A
Vulnerability Type
N/A