Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Red Hat KDE kdelibs IP地址SSL证书安全绕过漏洞
Vulnerability Description
kdelibs是创建在Qt框架之上,它提供框架和众多功能来开发KDE软体的基础库。 kdelibs 4.6.1之前版本的KDE KSSL中的kio/kio/tcpslavebase.cpp没有对服务器主机名称与X.509证书主题域名的匹配进行正确验证。kdelibs代码能接收服务器颁发的指定主机名或主机名所解析的IP地址的证书作为合法证书。中间人攻击者可以通过获得可信CA颁发的指定攻击者控制IP地址的SSL证书,通过接触目标用户DNS解析,欺骗任意SSL服务器,获得敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A