Detections
Analytics

MiracleLinux 3 : w3m-0.5.1-17.AXS3 (AXSA:2010-392:01)

medium Nessus Plugin ID 283987

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-392:01 advisory.

 The w3m program is a pager (or text file viewer) that can also be used as a text-mode Web browser. W3m features include the following: when reading an HTML document, you can follow links and view images using an external image viewer; its internet message mode determines the type of document from the header; if the Content-Type field of the document is text/html, the document is displayed as an HTML document; you can change a URL description like 'http://hogege.net' in plain text into a link to that URL.
 If you want to display the inline images on w3m, you need to install w3m-img package as well.
 Security issues fixed with this release:
 CVE-2010-2074 istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected w3m package.

See Also

https://tsn.miraclelinux.com/en/node/1553

Plugin Details

Severity: Medium

ID: 283987

File Name: miracle_linux_AXSA-2010-392.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2010-2074

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:miracle:linux:3, p-cpe:/a:miracle:linux:w3m

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/28/2010

Vulnerability Publication Date: 6/14/2010

Reference Information

CVE: CVE-2010-2074