CVE-2010-5076

Qt <4.7.0-rc1 - Man-in-the-Middle

Title source: llm
STIX 2.1

Description

QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

References (9)

Core 9
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1504-1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49895
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0880.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41236
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49604
Various Sources x_refsource_confirm
https://bugreports.qt-project.org/browse/QTBUG-4455

Scores

EPSS 0.0140
EPSS Percentile 69.4%

Details

CWE
CWE-20
Status published
Products (30)
digia/qt < 4.6.4
qt/qt 4.0.0
qt/qt 4.0.1
qt/qt 4.1.0
qt/qt 4.1.1
qt/qt 4.1.2
qt/qt 4.1.3
qt/qt 4.1.4
qt/qt 4.1.5
qt/qt 4.2.0
... and 20 more
Published Jun 29, 2012
Tracked Since Feb 18, 2026