CVE-2011-1428 in WeeChatinfo

Summary

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

03/16/2011

Disclosure

03/16/2011

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-20

CVSS

6.5

EPSS

0.00165

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-1428
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1428
CVE Details	https://www.cvedetails.com/cve/CVE-2011-1428/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!