Vulnerability-Lookup

CVE-2010-4211 (GCVE-0-2010-4211)

Vulnerability from cvelistv5 – Published: 2010-11-08 23:00 – Updated: 2024-08-07 03:34

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://viaforensics.com/press-releases/viaforensi…	x_refsource_MISC
	http://www.vupen.com/english/advisories/2010/2887	vdb-entryx_refsource_VUPEN
	http://news.cnet.com/8301-27080_3-20021730-245.html	x_refsource_MISC
	http://www.securityfocus.com/bid/44657	vdb-entryx_refsource_BID
	http://online.wsj.com/article/SB10001424052748703…	x_refsource_MISC
	http://itunes.apple.com/us/app/paypal/id283646709	x_refsource_MISC
	http://viaforensics.com/security/viaforensics-unc…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Date Public ?

2010-11-03 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:34:37.803Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html"
          },
          {
            "name": "ADV-2010-2887",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2887"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://news.cnet.com/8301-27080_3-20021730-245.html"
          },
          {
            "name": "44657",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44657"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://itunes.apple.com/us/app/paypal/id283646709"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html"
          },
          {
            "name": "paypal-certificate-info-disclosure(63002)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63002"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-11-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html"
        },
        {
          "name": "ADV-2010-2887",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2887"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://news.cnet.com/8301-27080_3-20021730-245.html"
        },
        {
          "name": "44657",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44657"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://itunes.apple.com/us/app/paypal/id283646709"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html"
        },
        {
          "name": "paypal-certificate-info-disclosure(63002)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63002"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4211",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html",
              "refsource": "MISC",
              "url": "http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html"
            },
            {
              "name": "ADV-2010-2887",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2887"
            },
            {
              "name": "http://news.cnet.com/8301-27080_3-20021730-245.html",
              "refsource": "MISC",
              "url": "http://news.cnet.com/8301-27080_3-20021730-245.html"
            },
            {
              "name": "44657",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44657"
            },
            {
              "name": "http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html",
              "refsource": "MISC",
              "url": "http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html"
            },
            {
              "name": "http://itunes.apple.com/us/app/paypal/id283646709",
              "refsource": "MISC",
              "url": "http://itunes.apple.com/us/app/paypal/id283646709"
            },
            {
              "name": "http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html",
              "refsource": "MISC",
              "url": "http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html"
            },
            {
              "name": "paypal-certificate-info-disclosure(63002)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63002"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4211",
    "datePublished": "2010-11-08T23:00:00.000Z",
    "dateReserved": "2010-11-08T00:00:00.000Z",
    "dateUpdated": "2024-08-07T03:34:37.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2010-4211",
      "date": "2026-04-25",
      "epss": "0.00085",
      "percentile": "0.24551"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ebay:paypal:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.0\", \"matchCriteriaId\": \"3B5F87AC-4F63-4FEB-A926-DAC25C760F6F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51D3BE2B-5A01-4AD4-A436-0056B50A535D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A20F171-79FE-43B9-8309-B18341639FA1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"126EF22D-29BC-4366-97BC-B261311E6251\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.\"}, {\"lang\": \"es\", \"value\": \"La aplicaci\\u00f3n de PayPal anterior a v3.0.1 de IOS no comprueba que el nombre del servidor coincide con el nombre de dominio del sujeto de un certificado X.509, que permite a los atacantes \\\"man-in-the-middle\\\"  falsificar un servidor web de PayPal a trav\\u00e9s de un certificado de su elecci\\u00f3n.\"}]",
      "id": "CVE-2010-4211",
      "lastModified": "2024-11-21T01:20:27.617",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.9, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 5.5, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2010-11-09T01:00:02.697",
      "references": "[{\"url\": \"http://itunes.apple.com/us/app/paypal/id283646709\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://news.cnet.com/8301-27080_3-20021730-245.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/44657\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2887\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/63002\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://itunes.apple.com/us/app/paypal/id283646709\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://news.cnet.com/8301-27080_3-20021730-245.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/44657\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2887\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/63002\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-4211\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-11-09T01:00:02.697\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.\"},{\"lang\":\"es\",\"value\":\"La aplicaci\u00f3n de PayPal anterior a v3.0.1 de IOS no comprueba que el nombre del servidor coincide con el nombre de dominio del sujeto de un certificado X.509, que permite a los atacantes \\\"man-in-the-middle\\\"  falsificar un servidor web de PayPal a trav\u00e9s de un certificado de su elecci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":2.9,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":5.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ebay:paypal:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0\",\"matchCriteriaId\":\"3B5F87AC-4F63-4FEB-A926-DAC25C760F6F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51D3BE2B-5A01-4AD4-A436-0056B50A535D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A20F171-79FE-43B9-8309-B18341639FA1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"126EF22D-29BC-4366-97BC-B261311E6251\"}]}]}],\"references\":[{\"url\":\"http://itunes.apple.com/us/app/paypal/id283646709\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://news.cnet.com/8301-27080_3-20021730-245.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/44657\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/2887\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/63002\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://itunes.apple.com/us/app/paypal/id283646709\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://news.cnet.com/8301-27080_3-20021730-245.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/44657\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/2887\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/63002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2010-4211

Vulnerability from fkie_nvd - Published: 2010-11-09 01:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://itunes.apple.com/us/app/paypal/id283646709
cve@mitre.org	http://news.cnet.com/8301-27080_3-20021730-245.html
cve@mitre.org	http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html
cve@mitre.org	http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html
cve@mitre.org	http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html
cve@mitre.org	http://www.securityfocus.com/bid/44657
cve@mitre.org	http://www.vupen.com/english/advisories/2010/2887	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/63002
af854a3a-2127-422b-91ae-364da2661108	http://itunes.apple.com/us/app/paypal/id283646709
af854a3a-2127-422b-91ae-364da2661108	http://news.cnet.com/8301-27080_3-20021730-245.html
af854a3a-2127-422b-91ae-364da2661108	http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html
af854a3a-2127-422b-91ae-364da2661108	http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html
af854a3a-2127-422b-91ae-364da2661108	http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/44657
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2887	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/63002

Impacted products

Vendor	Product	Version
ebay	paypal	*
apple	iphone_os	3.1
apple	iphone_os	3.1.2
apple	iphone_os	3.1.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ebay:paypal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B5F87AC-4F63-4FEB-A926-DAC25C760F6F",
              "versionEndIncluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D3BE2B-5A01-4AD4-A436-0056B50A535D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A20F171-79FE-43B9-8309-B18341639FA1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "126EF22D-29BC-4366-97BC-B261311E6251",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate."
    },
    {
      "lang": "es",
      "value": "La aplicaci\u00f3n de PayPal anterior a v3.0.1 de IOS no comprueba que el nombre del servidor coincide con el nombre de dominio del sujeto de un certificado X.509, que permite a los atacantes \"man-in-the-middle\"  falsificar un servidor web de PayPal a trav\u00e9s de un certificado de su elecci\u00f3n."
    }
  ],
  "id": "CVE-2010-4211",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 5.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-11-09T01:00:02.697",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://itunes.apple.com/us/app/paypal/id283646709"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://news.cnet.com/8301-27080_3-20021730-245.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/44657"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2887"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://itunes.apple.com/us/app/paypal/id283646709"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://news.cnet.com/8301-27080_3-20021730-245.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/44657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2887"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63002"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201011-0089

Vulnerability from variot - Updated: 2023-12-18 13:20

The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. eBay PayPal is prone to a security-bypass vulnerability because it fails to properly verify x.509 certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers which will aid in further attacks. NOTE: This issue affects connections on unsecured Wi-Fi networks. Versions prior to PayPal 3.0.1 for iOS-based mobile devices are vulnerable. ----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia report for 2008.

Highlights from the 2008 report: * Vulnerability Research * Software Inspection Results * Secunia Research Highlights * Secunia Advisory Statistics

Request the full 2008 Report here: http://secunia.com/advisories/try_vi/request_2008_report/

Stay Secure,

Secunia

TITLE: McAfee Products Archive Handling Security Bypass

SECUNIA ADVISORY ID: SA34949

VERIFY ADVISORY: http://secunia.com/advisories/34949/

DESCRIPTION: Some weaknesses have been reported in various McAfee products, which can be exploited by malware to bypass the scanning functionality.

The weaknesses are caused due to errors in the handling of archive file formats (e.g.

SOLUTION: Update .DAT files to DAT 5600 or later. http://www.mcafee.com/apps/downloads/security_updates/dat.asp

PROVIDED AND/OR DISCOVERED BY: * Thierry Zoller * The vendor also credits Mickael Roger.

ORIGINAL ADVISORY: McAfee: https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT

Thierry Zoller: http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. ____________

From the low-hanging-fruit-department - Mcafee multiple generic evasions

Release mode: Coordinated but limited disclosure. Ref : TZO-182009 - Mcafee multiple generic evasions WWW : http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html Vendor : http://www.mcafee.com Status : Patched CVE : CVE-2009-1348 (provided by mcafee) https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT

Security notification reaction rating : very good Notification to patch window : +-27 days (Eastern holidays in between)

Disclosure Policy : http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html

Affected products : - McAfee VirusScan\xae Plus 2009 - McAfee Total Protection\x99 2009 - McAfee Internet Security - McAfee VirusScan USB - McAfee VirusScan Enterprise - McAfee VirusScan Enterprise Linux - McAfee VirusScan Enterprise for SAP - McAfee VirusScan Enterprise for Storage - McAfee VirusScan Commandline - Mcafee SecurityShield for Microsoft ISA Server - Mcafee Security for Microsoft Sharepoint - Mcafee Security for Email Servers - McAfee Email Gateyway - McAfee Total Protection for Endpoint - McAfee Active Virus Defense - McAfee Active VirusScan

It is unkown whether SaaS were affected (tough likely) : - McAfee Email Security Service - McAfee Total Protection Service Advanced

I. Background ~~~~~~~~~~~~~ Quote: "McAfee proactively secures systems and networks from known and as yet undiscovered threats worldwide. Home users, businesses, service providers, government agencies, and our partners all trust our unmatched security expertise and have confidence in our comprehensive and proven solutions to effectively block attacks and prevent disruptions."

II. Description ~~~~~~~~~~~~~~~ The parsing engine can be bypassed by a specially crafted and formated RAR (Headflags and Packsize),ZIP (Filelenght) archive.

III. Impact ~~~~~~~~~~~ A general description of the impact and nature of AV Bypasses/evasions can be read at : http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html

The bug results in denying the engine the possibility to inspect code within RAR and ZIP archives. There is no inspection of the content at all and hence the impossibility to detect malicious code.

IV. Disclosure timeline ~~~~~~~~~~~~~~~~~~~~~~~~~ DD/MM/YYYY 04/04/2009 : Send proof of concept RAR I, description the terms under which I cooperate and the planned disclosure date

06/04/2009 : Send proof of concept RAR II, description the terms under which I cooperate and the planned disclosure date

06/04/2009 : Mcafee acknowledges receipt and reproduction of RAR I, ack acknowledges receipt of RARII

10/04/2009 : Send proof of concept ZIP I, description the terms under which I cooperate and the planned disclosure date

21/04/2009 : Mcafee provides CVE number CVE-2009-1348

28/04/2009 : Mcafee informs me that the patch might be released on the 29th 29/04/2009 : Mcafee confirms patch release and provides URL https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT

29/04/2009 : Ask for affected versions

29/04/2009 : Mcafee replies " This issue does affect all vs engine products, including both gateway and endpoint"

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0089",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "paypal",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ebay",
        "version": "3.0"
      },
      {
        "model": "paypal",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ebay",
        "version": "ios edition  3.0.1"
      },
      {
        "model": "paypal",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ebay",
        "version": "3.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003380"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4211"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-094"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ebay:paypal:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-4211"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "unknown",
    "sources": [
      {
        "db": "BID",
        "id": "44657"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-4211",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.5,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.9,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2010-4211",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.5,
            "id": "VHN-46816",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:A/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-4211",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201011-094",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-46816",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46816"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003380"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4211"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-094"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. eBay PayPal is prone to a security-bypass vulnerability because it fails to properly verify x.509 certificates. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers which will aid in further attacks. \nNOTE: This issue affects connections on unsecured Wi-Fi networks. \nVersions prior to PayPal 3.0.1 for iOS-based mobile devices are vulnerable. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \n\nHighlights from the 2008 report:\n * Vulnerability Research\n * Software Inspection Results\n * Secunia Research Highlights\n * Secunia Advisory Statistics\n\nRequest the full 2008 Report here:\nhttp://secunia.com/advisories/try_vi/request_2008_report/\n\nStay Secure,\n\nSecunia\n\n\n----------------------------------------------------------------------\n\nTITLE:\nMcAfee Products Archive Handling Security Bypass\n\nSECUNIA ADVISORY ID:\nSA34949\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/34949/\n\nDESCRIPTION:\nSome weaknesses have been reported in various McAfee products, which\ncan be exploited by malware to bypass the scanning functionality. \n\nThe weaknesses are caused due to errors in the handling of archive\nfile formats (e.g. \n\nSOLUTION:\nUpdate .DAT files to DAT 5600 or later. \nhttp://www.mcafee.com/apps/downloads/security_updates/dat.asp\n\nPROVIDED AND/OR DISCOVERED BY:\n* Thierry Zoller\n* The vendor also credits Mickael Roger. \n\nORIGINAL ADVISORY:\nMcAfee:\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT\n\nThierry Zoller:\nhttp://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ________________________________________________________________________\n\nFrom the low-hanging-fruit-department - Mcafee multiple generic evasions\n________________________________________________________________________\n\nRelease mode: Coordinated but limited disclosure. \nRef         : TZO-182009 - Mcafee multiple generic evasions\nWWW         : http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html\nVendor      : http://www.mcafee.com\nStatus      : Patched\nCVE         : CVE-2009-1348 (provided by mcafee)\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT\n\nSecurity notification reaction rating : very good\nNotification to patch window : +-27 days (Eastern holidays in between)\n\nDisclosure Policy : \nhttp://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html\n\nAffected products : \n- McAfee VirusScan\\xae Plus 2009\n- McAfee Total Protection\\x99 2009\n- McAfee Internet Security\n- McAfee VirusScan USB\n- McAfee VirusScan Enterprise\n- McAfee VirusScan Enterprise Linux\n- McAfee VirusScan Enterprise for SAP\n- McAfee VirusScan Enterprise for Storage\n- McAfee VirusScan Commandline\n- Mcafee SecurityShield for Microsoft ISA Server\n- Mcafee Security for Microsoft Sharepoint\n- Mcafee Security for Email Servers\n- McAfee Email Gateyway\n- McAfee Total Protection for Endpoint\n- McAfee Active Virus Defense\n- McAfee Active VirusScan\n \nIt is unkown whether SaaS were affected (tough likely) :\n- McAfee Email Security Service\n- McAfee Total Protection Service Advanced\n\n\nI. Background\n~~~~~~~~~~~~~\nQuote: \"McAfee proactively secures systems and networks from known \nand as yet undiscovered threats worldwide. Home users, businesses, \nservice providers, government agencies, and our partners all trust \nour unmatched security expertise and have confidence in our \ncomprehensive and proven solutions to effectively block attacks\nand prevent disruptions.\"\n\n\nII. Description\n~~~~~~~~~~~~~~~\nThe parsing engine can be bypassed by a specially crafted and formated\nRAR (Headflags and Packsize),ZIP (Filelenght) archive. \n\nIII. Impact\n~~~~~~~~~~~\nA general description of the impact and nature of AV Bypasses/evasions\ncan be read at : \nhttp://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html\n\nThe bug results in denying the engine the possibility to inspect\ncode within RAR and ZIP archives. There is no inspection of the content\nat all and hence the impossibility to detect malicious code. \n\n\nIV. Disclosure timeline\n~~~~~~~~~~~~~~~~~~~~~~~~~\nDD/MM/YYYY\n04/04/2009 : Send proof of concept RAR I, description the terms under which \n             I cooperate and the planned disclosure date\n                         \n06/04/2009 : Send proof of concept RAR II, description the terms under which \n             I cooperate and the planned disclosure date\n                         \n06/04/2009 : Mcafee acknowledges receipt and reproduction of RAR I, ack\n             acknowledges receipt of RARII                       \n                         \n10/04/2009 : Send proof of concept ZIP I, description the terms under which \n             I cooperate and the planned disclosure date\n\n21/04/2009 : Mcafee provides CVE number CVE-2009-1348 \n                         \n28/04/2009 : Mcafee informs me that the patch might be released on the 29th\n29/04/2009 : Mcafee confirms patch release and provides URL\n             https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT\n                         \n29/04/2009 : Ask for affected versions\n\n29/04/2009 : Mcafee replies \" This issue does affect all vs engine products, including \n             both gateway and endpoint\"\n\n\n\n\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-4211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003380"
      },
      {
        "db": "BID",
        "id": "44657"
      },
      {
        "db": "VULHUB",
        "id": "VHN-46816"
      },
      {
        "db": "PACKETSTORM",
        "id": "77183"
      },
      {
        "db": "PACKETSTORM",
        "id": "77170"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-4211",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "44657",
        "trust": 2.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-2887",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003380",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-094",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "63002",
        "trust": 0.6
      },
      {
        "db": "MCAFEE",
        "id": "SB10001",
        "trust": 0.2
      },
      {
        "db": "SECUNIA",
        "id": "34949",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-46816",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "77183",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "77170",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46816"
      },
      {
        "db": "BID",
        "id": "44657"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003380"
      },
      {
        "db": "PACKETSTORM",
        "id": "77183"
      },
      {
        "db": "PACKETSTORM",
        "id": "77170"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4211"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-094"
      }
    ]
  },
  "id": "VAR-201011-0089",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46816"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:20:22.564000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "PayPal on your iPhone",
        "trust": 0.8,
        "url": "https://personal.paypal.com/us/cgi-bin/?\u0026cmd=_render-content\u0026content_id=marketing_us/mobile_iphone"
      },
      {
        "title": "PayPal",
        "trust": 0.8,
        "url": "http://itunes.apple.com/us/app/paypal/id283646709"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003380"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46816"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003380"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4211"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://online.wsj.com/article/sb10001424052748703506904575592782874885808.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/44657"
      },
      {
        "trust": 1.7,
        "url": "http://itunes.apple.com/us/app/paypal/id283646709"
      },
      {
        "trust": 1.7,
        "url": "http://news.cnet.com/8301-27080_3-20021730-245.html"
      },
      {
        "trust": 1.7,
        "url": "http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html"
      },
      {
        "trust": 1.7,
        "url": "http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2010/2887"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63002"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4211"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4211"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/63002"
      },
      {
        "trust": 0.3,
        "url": "http://itunes.apple.com/us/app/paypal/id283646709?mt=8#"
      },
      {
        "trust": 0.3,
        "url": "https://personal.paypal.com/us/cgi-bin/?\u0026cmd=_render-content\u0026content_id=marketing_us/mobile_iphone"
      },
      {
        "trust": 0.2,
        "url": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html"
      },
      {
        "trust": 0.2,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10001\u0026actp=list_recent"
      },
      {
        "trust": 0.1,
        "url": "http://www.mcafee.com/apps/downloads/security_updates/dat.asp"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/34949/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/request_2008_report/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mcafee.com"
      },
      {
        "trust": 0.1,
        "url": "http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html"
      },
      {
        "trust": 0.1,
        "url": "http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46816"
      },
      {
        "db": "BID",
        "id": "44657"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003380"
      },
      {
        "db": "PACKETSTORM",
        "id": "77183"
      },
      {
        "db": "PACKETSTORM",
        "id": "77170"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4211"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-094"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-46816"
      },
      {
        "db": "BID",
        "id": "44657"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003380"
      },
      {
        "db": "PACKETSTORM",
        "id": "77183"
      },
      {
        "db": "PACKETSTORM",
        "id": "77170"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-4211"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-094"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-11-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-46816"
      },
      {
        "date": "2010-11-04T00:00:00",
        "db": "BID",
        "id": "44657"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-003380"
      },
      {
        "date": "2009-05-02T05:21:02",
        "db": "PACKETSTORM",
        "id": "77183"
      },
      {
        "date": "2009-05-01T02:03:00",
        "db": "PACKETSTORM",
        "id": "77170"
      },
      {
        "date": "2010-11-09T01:00:02.697000",
        "db": "NVD",
        "id": "CVE-2010-4211"
      },
      {
        "date": "2010-11-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201011-094"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-46816"
      },
      {
        "date": "2015-04-13T21:02:00",
        "db": "BID",
        "id": "44657"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-003380"
      },
      {
        "date": "2017-08-17T01:33:08.307000",
        "db": "NVD",
        "id": "CVE-2010-4211"
      },
      {
        "date": "2010-11-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201011-094"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-094"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PayPal app In  Paypal Web Vulnerability impersonating a server",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003380"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-094"
      }
    ],
    "trust": 0.6
  }
}

GSD-2010-4211

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-4211

Aliases

CVE-2010-4211

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-4211",
    "description": "The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.",
    "id": "GSD-2010-4211"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-4211"
      ],
      "details": "The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.",
      "id": "GSD-2010-4211",
      "modified": "2023-12-13T01:21:29.731415Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-4211",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html",
            "refsource": "MISC",
            "url": "http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html"
          },
          {
            "name": "ADV-2010-2887",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/2887"
          },
          {
            "name": "http://news.cnet.com/8301-27080_3-20021730-245.html",
            "refsource": "MISC",
            "url": "http://news.cnet.com/8301-27080_3-20021730-245.html"
          },
          {
            "name": "44657",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/44657"
          },
          {
            "name": "http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html",
            "refsource": "MISC",
            "url": "http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html"
          },
          {
            "name": "http://itunes.apple.com/us/app/paypal/id283646709",
            "refsource": "MISC",
            "url": "http://itunes.apple.com/us/app/paypal/id283646709"
          },
          {
            "name": "http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html",
            "refsource": "MISC",
            "url": "http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html"
          },
          {
            "name": "paypal-certificate-info-disclosure(63002)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63002"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ebay:paypal:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4211"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://itunes.apple.com/us/app/paypal/id283646709",
              "refsource": "MISC",
              "tags": [],
              "url": "http://itunes.apple.com/us/app/paypal/id283646709"
            },
            {
              "name": "http://news.cnet.com/8301-27080_3-20021730-245.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://news.cnet.com/8301-27080_3-20021730-245.html"
            },
            {
              "name": "ADV-2010-2887",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2887"
            },
            {
              "name": "http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html"
            },
            {
              "name": "http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html"
            },
            {
              "name": "44657",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/44657"
            },
            {
              "name": "http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html"
            },
            {
              "name": "paypal-certificate-info-disclosure(63002)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63002"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 5.5,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-17T01:33Z",
      "publishedDate": "2010-11-09T01:00Z"
    }
  }
}

GHSA-HGP2-5F7Q-M5JP

Vulnerability from github – Published: 2022-05-17 02:04 – Updated: 2022-05-17 02:04

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-4211"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-11-09T01:00:00Z",
    "severity": "LOW"
  },
  "details": "The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.",
  "id": "GHSA-hgp2-5f7q-m5jp",
  "modified": "2022-05-17T02:04:47Z",
  "published": "2022-05-17T02:04:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4211"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63002"
    },
    {
      "type": "WEB",
      "url": "http://itunes.apple.com/us/app/paypal/id283646709"
    },
    {
      "type": "WEB",
      "url": "http://news.cnet.com/8301-27080_3-20021730-245.html"
    },
    {
      "type": "WEB",
      "url": "http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html"
    },
    {
      "type": "WEB",
      "url": "http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html"
    },
    {
      "type": "WEB",
      "url": "http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/44657"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2887"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-4211 (GCVE-0-2010-4211)

FKIE_CVE-2010-4211

VAR-201011-0089

GSD-2010-4211

GHSA-HGP2-5F7Q-M5JP

Tags

Sightings

Nomenclature