CVE-2010-4237

Published: Oct 29, 2019Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.

Affected (1)

Products: Mercurial: Mercurial

Mercurial

1 product

Mercurial

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mercurial Mercurial	Before 1.6.4

Related CWEs

CWE-295

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (8)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598841

Source: security@ubuntu.com

Issue TrackingThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4237

Source: security@ubuntu.com

Issue TrackingThird Party Advisory

https://bz.mercurial-scm.org/show_bug.cgi?id=2407

Source: security@ubuntu.com

Vendor Advisory

https://security-tracker.debian.org/tracker/CVE-2010-4237

Source: security@ubuntu.com

Third Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598841

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4237

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://bz.mercurial-scm.org/show_bug.cgi?id=2407

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security-tracker.debian.org/tracker/CVE-2010-4237

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.