CVE-2011-3366

MEDIUM

Description

Rekonq 0.7.0 and earlier does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

References

http://www.kde.org/info/security/advisory-20111003-1.txt

http://www.securityfocus.com/archive/1/520041

https://bugzilla.redhat.com/show_bug.cgi?id=743194

Details

Source: MITRE

Published: 2011-11-29

Updated: 2011-12-01

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|----|------|---------|--------|----------|
| 79962 | GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011 | Nessus | Gentoo Local Security Checks | critical |
| 56587 | FreeBSD : kdelibs4, rekonq -- input validation failure (6d21a287-fce0-11e0-a828-00235a5f2c9a) | Nessus | FreeBSD Local Security Checks | medium |