Lucene search
HistoryNov 29, 2011 - 5:55 p.m.
CVE-2011-3367
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.5
Confidence
Low
EPSS
0.002
Percentile
57.7%
Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
Affected configurations
Node
arora-browseraroraMatch0.11.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| arora-browser | arora | 0.11.0 | cpe:2.3:a:arora-browser:arora:0.11.0:*:*:*:*:*:*:* |
References
Related
openvas
openvas
Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)
2011-12-15 00:00:00
Fedora Update for arora FEDORA-2011-14756
2011-12-16 00:00:00
Fedora Update for arora FEDORA-2011-14719
2012-03-19 00:00:00
nessus
nessus
Fedora 16 : arora-0.11.0-3.fc16 (2011-14719)
2011-12-13 00:00:00
Fedora 15 : arora-0.11.0-3.fc15 (2011-14756)
2011-12-15 00:00:00
GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011
2014-12-15 00:00:00
cvelist
cvelist
CVE-2011-3367
2011-11-29 17:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: arora-0.11.0-3.fc16
2011-12-12 21:58:37
[SECURITY] Fedora 15 Update: arora-0.11.0-3.fc15
2011-12-14 23:35:18
prion
prion
Design/Logic Flaw
2011-11-29 17:55:00
ubuntucve
ubuntucve
CVE-2011-3367
2011-11-29 00:00:00
cve
cve
CVE-2011-3367
2011-11-29 17:55:01
securityvulns
securityvulns
UI spoofing in different QT applications
2011-10-10 00:00:00
gentoo
gentoo
Multiple packages, Multiple vulnerabilities fixed in 2011
2014-12-11 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.5
Confidence
Low
EPSS
0.002
Percentile
57.7%
Related for NVD:CVE-2011-3367