Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2009-4831.
References
Link | Resource |
---|---|
http://secunia.com/advisories/51190 | Broken Link |
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf | Exploit |
http://www.securityfocus.com/bid/56454 | Broken Link Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/79915 | Third Party Advisory VDB Entry |
Configurations
History
07 Feb 2022, 18:59
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:cerulean_studios:trillian:5.1.0.19:*:*:*:*:*:*:* | |
First Time |
Cerulean Studios trillian
Cerulean Studios |
|
CWE | CWE-295 | |
References | (SECUNIA) http://secunia.com/advisories/51190 - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/56454 - Broken Link, Third Party Advisory, VDB Entry | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/79915 - Third Party Advisory, VDB Entry |
Information
Published : 2012-11-04 22:55
Updated : 2023-12-10 11:16
NVD link : CVE-2012-5824
Mitre link : CVE-2012-5824
CVE.ORG link : CVE-2012-5824
JSON object : View
Products Affected
cerulean_studios
- trillian
CWE
CWE-295
Improper Certificate Validation