Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2010-2074

EPSS 1.84% · P83
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2010-2074

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
W3M NULL Character CA SSL 证书确认安全绕过漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
w3m是一款开源的基于文本的Web浏览器。 w3m的istream存在漏洞,当开启ssl_verify_server时,无法正确处理X.509证书(1)主题的公用名或(2)主题备用名中某域名的'\0'字符,攻击者可以利用合法认证机构颁发的特制证书冒充任意SSL服务器。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2010-2074

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2010-2074

登录查看更多情报信息。

Same Patch Batch · n/a · 2010-06-16 · 14 CVEs total

CVE-2010-1932XnView堆缓冲溢出漏洞
CVE-2010-2070Xen本地拒绝服务漏洞
CVE-2010-2071Linux内核btrfs 'fs/btrfs/acl.c'btrfs_xattr_set_acl函数权限许可和访问控制问题漏洞
CVE-2010-2072Radovan_Garabik pyftpd临时目录不安全文件创建漏洞
CVE-2010-2073Radovan_Garabik pyftpd远程默认账号漏洞
CVE-2010-2305Symantec Sygate Personal Firewall 'SSHelper.dll'ActiveX控件缓冲区溢出漏洞
CVE-2010-2306Sourcefire 3D Sensor和Defense Center默认安装状态配置错误漏洞
CVE-2010-2307Motorola SBV6120E SURFboard Digital Voice Modem多个目录遍历漏洞
CVE-2010-2308Sophos Anti-Virus过滤器驱动程序未明漏洞
CVE-2010-2309Evological EvoCam HTTP GET请求远程溢出漏洞
CVE-2010-2310SolarWinds TFTP Server 写入请求拒绝服务漏洞
CVE-2010-2311Power Tab栈缓冲区溢出漏洞
CVE-2010-2312HauntmAx Haunted House Directory Listing CMS 'index.php'SQL注入漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2010-2074

No comments yet

Leave a comment