CVE-2010-2074
Published 2010-06-16
Priority: P429 · medium · 6.8 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 1.49% (70.9th percentile)
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
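The class of flaw described above, as an added example (not w3m's code): a certificate name is a length-prefixed ASN.1 string, so comparing it as a C string stops at the first '\0'. The struct, function names and sample names below are hypothetical and the sample data is constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical holder for a CN or subjectAltName value: raw bytes plus
 * the encoded length, which may be larger than strlen(data). */
struct cert_name { const char *data; size_t len; };

static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed pattern: treats the field as a C string, so everything after
 * an embedded '\0' is silently ignored. */
int match_naive(const struct cert_name *n, const char *host)
{
    size_t l = strlen(n->data);
    return strlen(host) == l && eq_nocase(n->data, host, l);
}

/* Hardened pattern: refuse any name containing '\0' within its encoded
 * length, then compare over the full encoded length. */
int match_checked(const struct cert_name *n, const char *host)
{
    if (n->len == 0 || memchr(n->data, '\0', n->len) != NULL)
        return 0;
    return strlen(host) == n->len && eq_nocase(n->data, host, n->len);
}

/* Constructed test data: one name with bytes after an embedded NUL. */
static const char SAMPLE[] = "www.example.com\0.other.invalid";
static const struct cert_name CRAFTED = { SAMPLE, sizeof(SAMPLE) - 1 };
static const struct cert_name HONEST  = { "www.example.com", 15 };

int main(void)
{
    printf("naive accepts crafted:   %d\n", match_naive(&CRAFTED, "www.example.com"));
    printf("checked accepts crafted: %d\n", match_checked(&CRAFTED, "www.example.com"));
    printf("checked accepts honest:  %d\n", match_checked(&HONEST, "www.example.com"));
    return 0;
}
```

The same test works as a regression check for any TLS client: a name whose encoded length differs from its C-string length must fail verification.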
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | w3m | < w3m 0.5.2-5 (bookworm) | w3m 0.5.2-5 (bookworm) |
| tats | w3m | >= 0 < 0.5.2-5 | 0.5.2-5 |
| tats | w3m | >= 0 < 0.5.2-5 | 0.5.2-5 |
| tats | w3m | >= 0 < 0.5.2-5 | 0.5.2-5 |
| tats | w3m | >= 0 < 0.5.2-5 | 0.5.2-5 |
| w3m | w3m | — | — |
CVSS provenance
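| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v2.0) | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | 5.9 | MEDIUM | |
| vendor_ubuntu | 6.8 | MEDIUM | |
| vendor_debian | 5.9 | LOW | |
| vendor_redhat | 5.9 | MEDIUM | |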
Ubuntu
w3m vulnerability
vendor_ubuntu·2010-08-09·CVSS 6.8
CVE-2010-2074 [MEDIUM] w3m vulnerability
Title: w3m vulnerability
Summary: The web browser w3m does not properly validate SSL/TLS certificates.
Ludwig Nussel discovered w3m does not properly handle SSL/TLS
certificates with NULL characters in the certificate name. An
attacker could exploit this to perform a machine-in-the-middle
attack to view sensitive information or alter encrypted
communications. (CVE-2010-2074)
Instructions: After a standard system update you need to restart any running instances
of w3m to effect the necessary changes.
Red Hat
w3m: doesn't handle NULL in Common Name properly
vendor_redhat·2010-06-14·CVSS 5.9
CVE-2010-2074 [MEDIUM] w3m: doesn't handle NULL in Common Name properly
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Package: w3m (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2010-2074: w3m - istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is en...
vendor_debian·2010·CVSS 5.9
CVE-2010-2074 [MEDIUM] CVE-2010-2074: w3m - istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is en...
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Scope: local
bookworm: resolved (fixed in 0.5.2-5)
bullseye: resolved (fixed in 0.5.2-5)
forky: resolved (fixed in 0.5.2-5)
sid: resolved (fixed in 0.5.2-5)
trixie: resolved (fixed in 0.5.2-5)
GHSA
GHSA-xwjm-4v2q-p47f: istream
ghsa_unreviewed·2022-05-17·CVSS 5.9
CVE-2010-2074 [MEDIUM] CWE-20 GHSA-xwjm-4v2q-p47f: istream
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
OSV
CVE-2010-2074: istream
osv·2010-06-16·CVSS 5.9
CVE-2010-2074 [MEDIUM] CVE-2010-2074: istream
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
No detection rules found.
Bugzilla
CVE-2010-2074 w3m: doesn't handle NULL in Common Name properly
bugzilla·2010-06-16·CVSS 5.9
CVE-2010-2074 [MEDIUM] CVE-2010-2074 w3m: doesn't handle NULL in Common Name properly
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2074 to
the following vulnerability:
Name: CVE-2010-2074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2074
Assigned: 20100525
Reference: MLIST:[oss-security] 20100614 CVE Request: w3m does not check null bytes CN/subjAltName
Reference: URL: http://www.openwall.com/lists/oss-security/2010/06/14/4
Reference: BID:40837
Reference: URL: http://www.securityfocus.com/bid/40837
Reference: SECUNIA:40134
Reference: URL: http://secunia.com/advisories/40134
Reference: VUPEN:ADV-2010-1467
Reference: URL: http://www.vupen.com/english/advisories/2010/1467
istream.c in w3m 0.5.2 and possibly other versions, when
ssl_verify_server is enabled, does not properl
Bugzilla
CVE-2010-2074 w3m: doesn't handle NULL in Common Name properly [fedora-all]
bugzilla·2010-06-16·CVSS 6.8
CVE-2010-2074 [MEDIUM] CVE-2010-2074 w3m: doesn't handle NULL in Common Name properly [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=604855
Please note: this issue affects multip
References:
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044401.html
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://osvdb.org/65538
http://secunia.com/advisories/40134
http://secunia.com/advisories/40733
http://www.openwall.com/lists/oss-security/2010/06/14/4
http://www.redhat.com/support/errata/RHSA-2010-0565.html
http://www.securityfocus.com/bid/40837
http://www.securitytracker.com/id?1024252
http://www.vupen.com/english/advisories/2010/1467
http://www.vupen.com/english/advisories/2010/1879
http://www.vupen.com/english/advisories/2010/1928