rhsa-2010:0565
Vulnerability from csaf_redhat
Published
2010-07-27 12:58
Modified
2024-11-22 03:29
Summary
Red Hat Security Advisory: w3m security update
Notes
Topic
Updated w3m packages that fix one security issue are now available for Red
Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
The w3m program is a pager (or text file viewer) that can also be used as a
text mode web browser.
It was discovered that w3m is affected by the previously published "null
prefix attack", caused by incorrect handling of NULL characters in X.509
certificates. If an attacker is able to get a carefully-crafted certificate
signed by a trusted Certificate Authority, the attacker could use the
certificate during a man-in-the-middle attack and potentially confuse w3m
into accepting it by mistake. (CVE-2010-2074)
All w3m users should upgrade to these updated packages, which contain a
backported patch to correct this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated w3m packages that fix one security issue are now available for Red\nHat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The w3m program is a pager (or text file viewer) that can also be used as a\ntext mode web browser.\n\nIt was discovered that w3m is affected by the previously published \"null\nprefix attack\", caused by incorrect handling of NULL characters in X.509\ncertificates. If an attacker is able to get a carefully-crafted certificate\nsigned by a trusted Certificate Authority, the attacker could use the\ncertificate during a man-in-the-middle attack and potentially confuse w3m\ninto accepting it by mistake. (CVE-2010-2074)\n\nAll w3m users should upgrade to these updated packages, which contain a\nbackported patch to correct this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0565",
"url": "https://access.redhat.com/errata/RHSA-2010:0565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "604855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=604855"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0565.json"
}
],
"title": "Red Hat Security Advisory: w3m security update",
"tracking": {
"current_release_date": "2024-11-22T03:29:36+00:00",
"generator": {
"date": "2024-11-22T03:29:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0565",
"initial_release_date": "2010-07-27T12:58:00+00:00",
"revision_history": [
{
"date": "2010-07-27T12:58:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-07-27T08:58:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:29:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0:0.5.1-17.el5_5.src",
"product": {
"name": "w3m-0:0.5.1-17.el5_5.src",
"product_id": "w3m-0:0.5.1-17.el5_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m@0.5.1-17.el5_5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0:0.5.1-17.el5_5.x86_64",
"product": {
"name": "w3m-0:0.5.1-17.el5_5.x86_64",
"product_id": "w3m-0:0.5.1-17.el5_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m@0.5.1-17.el5_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"product": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"product_id": "w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-debuginfo@0.5.1-17.el5_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "w3m-img-0:0.5.1-17.el5_5.x86_64",
"product": {
"name": "w3m-img-0:0.5.1-17.el5_5.x86_64",
"product_id": "w3m-img-0:0.5.1-17.el5_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-img@0.5.1-17.el5_5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0:0.5.1-17.el5_5.i386",
"product": {
"name": "w3m-0:0.5.1-17.el5_5.i386",
"product_id": "w3m-0:0.5.1-17.el5_5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m@0.5.1-17.el5_5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"product": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"product_id": "w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-debuginfo@0.5.1-17.el5_5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "w3m-img-0:0.5.1-17.el5_5.i386",
"product": {
"name": "w3m-img-0:0.5.1-17.el5_5.i386",
"product_id": "w3m-img-0:0.5.1-17.el5_5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-img@0.5.1-17.el5_5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0:0.5.1-17.el5_5.ia64",
"product": {
"name": "w3m-0:0.5.1-17.el5_5.ia64",
"product_id": "w3m-0:0.5.1-17.el5_5.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m@0.5.1-17.el5_5?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"product": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"product_id": "w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-debuginfo@0.5.1-17.el5_5?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "w3m-img-0:0.5.1-17.el5_5.ia64",
"product": {
"name": "w3m-img-0:0.5.1-17.el5_5.ia64",
"product_id": "w3m-img-0:0.5.1-17.el5_5.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-img@0.5.1-17.el5_5?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0:0.5.1-17.el5_5.ppc",
"product": {
"name": "w3m-0:0.5.1-17.el5_5.ppc",
"product_id": "w3m-0:0.5.1-17.el5_5.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m@0.5.1-17.el5_5?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"product": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"product_id": "w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-debuginfo@0.5.1-17.el5_5?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "w3m-img-0:0.5.1-17.el5_5.ppc",
"product": {
"name": "w3m-img-0:0.5.1-17.el5_5.ppc",
"product_id": "w3m-img-0:0.5.1-17.el5_5.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-img@0.5.1-17.el5_5?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "w3m-0:0.5.1-17.el5_5.s390x",
"product": {
"name": "w3m-0:0.5.1-17.el5_5.s390x",
"product_id": "w3m-0:0.5.1-17.el5_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m@0.5.1-17.el5_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"product": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"product_id": "w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-debuginfo@0.5.1-17.el5_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "w3m-img-0:0.5.1-17.el5_5.s390x",
"product": {
"name": "w3m-img-0:0.5.1-17.el5_5.s390x",
"product_id": "w3m-img-0:0.5.1-17.el5_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/w3m-img@0.5.1-17.el5_5?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-0:0.5.1-17.el5_5.i386"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-0:0.5.1-17.el5_5.ia64"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-0:0.5.1-17.el5_5.ppc"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-0:0.5.1-17.el5_5.s390x"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-0:0.5.1-17.el5_5.src"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-0:0.5.1-17.el5_5.x86_64"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-debuginfo-0:0.5.1-17.el5_5.i386"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-debuginfo-0:0.5.1-17.el5_5.ia64"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-debuginfo-0:0.5.1-17.el5_5.ppc"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-debuginfo-0:0.5.1-17.el5_5.s390x"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-debuginfo-0:0.5.1-17.el5_5.x86_64"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-img-0:0.5.1-17.el5_5.i386"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-img-0:0.5.1-17.el5_5.ia64"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-img-0:0.5.1-17.el5_5.ppc"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-img-0:0.5.1-17.el5_5.s390x"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:w3m-img-0:0.5.1-17.el5_5.x86_64"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-0:0.5.1-17.el5_5.i386"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-0:0.5.1-17.el5_5.ia64"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-0:0.5.1-17.el5_5.ppc"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-0:0.5.1-17.el5_5.s390x"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-0:0.5.1-17.el5_5.src"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-0:0.5.1-17.el5_5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-0:0.5.1-17.el5_5.x86_64"
},
"product_reference": "w3m-0:0.5.1-17.el5_5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-debuginfo-0:0.5.1-17.el5_5.i386"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-debuginfo-0:0.5.1-17.el5_5.ia64"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-debuginfo-0:0.5.1-17.el5_5.ppc"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-debuginfo-0:0.5.1-17.el5_5.s390x"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-debuginfo-0:0.5.1-17.el5_5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-debuginfo-0:0.5.1-17.el5_5.x86_64"
},
"product_reference": "w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-img-0:0.5.1-17.el5_5.i386"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-img-0:0.5.1-17.el5_5.ia64"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-img-0:0.5.1-17.el5_5.ppc"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-img-0:0.5.1-17.el5_5.s390x"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "w3m-img-0:0.5.1-17.el5_5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:w3m-img-0:0.5.1-17.el5_5.x86_64"
},
"product_reference": "w3m-img-0:0.5.1-17.el5_5.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2010-2074",
"discovery_date": "2010-06-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "604855"
}
],
"notes": [
{
"category": "description",
"text": "istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a \u0027\\0\u0027 character in a domain name in the (1) subject\u0027s Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "w3m: doesn\u0027t handle NULL in Common Name properly",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:w3m-0:0.5.1-17.el5_5.i386",
"5Client:w3m-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-0:0.5.1-17.el5_5.src",
"5Client:w3m-0:0.5.1-17.el5_5.x86_64",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"5Client:w3m-img-0:0.5.1-17.el5_5.i386",
"5Client:w3m-img-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-img-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-img-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-img-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-0:0.5.1-17.el5_5.i386",
"5Server:w3m-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-0:0.5.1-17.el5_5.src",
"5Server:w3m-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-img-0:0.5.1-17.el5_5.i386",
"5Server:w3m-img-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-img-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-img-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-img-0:0.5.1-17.el5_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-2074"
},
{
"category": "external",
"summary": "RHBZ#604855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=604855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-2074",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2074"
}
],
"release_date": "2010-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-07-27T12:58:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:w3m-0:0.5.1-17.el5_5.i386",
"5Client:w3m-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-0:0.5.1-17.el5_5.src",
"5Client:w3m-0:0.5.1-17.el5_5.x86_64",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"5Client:w3m-img-0:0.5.1-17.el5_5.i386",
"5Client:w3m-img-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-img-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-img-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-img-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-0:0.5.1-17.el5_5.i386",
"5Server:w3m-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-0:0.5.1-17.el5_5.src",
"5Server:w3m-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-img-0:0.5.1-17.el5_5.i386",
"5Server:w3m-img-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-img-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-img-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-img-0:0.5.1-17.el5_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0565"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client:w3m-0:0.5.1-17.el5_5.i386",
"5Client:w3m-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-0:0.5.1-17.el5_5.src",
"5Client:w3m-0:0.5.1-17.el5_5.x86_64",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"5Client:w3m-img-0:0.5.1-17.el5_5.i386",
"5Client:w3m-img-0:0.5.1-17.el5_5.ia64",
"5Client:w3m-img-0:0.5.1-17.el5_5.ppc",
"5Client:w3m-img-0:0.5.1-17.el5_5.s390x",
"5Client:w3m-img-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-0:0.5.1-17.el5_5.i386",
"5Server:w3m-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-0:0.5.1-17.el5_5.src",
"5Server:w3m-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.i386",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-debuginfo-0:0.5.1-17.el5_5.x86_64",
"5Server:w3m-img-0:0.5.1-17.el5_5.i386",
"5Server:w3m-img-0:0.5.1-17.el5_5.ia64",
"5Server:w3m-img-0:0.5.1-17.el5_5.ppc",
"5Server:w3m-img-0:0.5.1-17.el5_5.s390x",
"5Server:w3m-img-0:0.5.1-17.el5_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "w3m: doesn\u0027t handle NULL in Common Name properly"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…