Solution
Please install the updated packages.
Insight
The w3m program is a pager (or text file viewer) that can also be used as a text mode web browser.
It was discovered that w3m is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse w3m into accepting it by mistake. (CVE-2010-2074)
All w3m users should upgrade to these updated packages, which contain a backported patch to correct this issue.
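An added illustration of the flaw class described above, not w3m's code or the Red Hat patch: a hostname check that treats the certificate name as a C string stops comparing at the first NUL byte, while a length-aware check refuses the name. The function names, hostnames and sample name bytes are constructed assumptions, and wildcard matching is left out.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Naive check (hypothetical): treats the certificate name as a C string,
 * so the comparison ends at the first NUL and the rest is never seen. */
int naive_match(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;                 /* the ASN.1 string length is ignored */
    return strcasecmp((const char *)cn, host) == 0;
}

/* Hardened check (hypothetical): uses the ASN.1 length, rejects any name
 * with an embedded NUL, and requires equal lengths before comparing. */
int strict_match(const unsigned char *cn, size_t cn_len, const char *host)
{
    if (memchr(cn, '\0', cn_len) != NULL)
        return 0;                 /* embedded NUL: refuse the name */
    if (cn_len != strlen(host))
        return 0;
    return strncasecmp((const char *)cn, host, cn_len) == 0;
}

/* Constructed sample name data: 30 bytes with a NUL after the
 * first 15, as the bytes would sit inside the certificate. */
static const unsigned char CRAFTED_CN[] = "www.example.com\0.attacker.test";
#define CRAFTED_LEN (sizeof(CRAFTED_CN) - 1)

/* Constructed sample of an ordinary name with no embedded NUL. */
static const unsigned char HONEST_CN[] = "www.example.com";
#define HONEST_LEN (sizeof(HONEST_CN) - 1)

int main(void)
{
    const char *host = "www.example.com";   /* host the client asked for */

    printf("naive,  crafted name: %d\n",
           naive_match(CRAFTED_CN, CRAFTED_LEN, host));
    printf("strict, crafted name: %d\n",
           strict_match(CRAFTED_CN, CRAFTED_LEN, host));
    printf("strict, honest name:  %d\n",
           strict_match(HONEST_CN, HONEST_LEN, host));
    return 0;
}
```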
Affected
w3m on Red Hat Enterprise Linux (v. 5 server)
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2010-2074
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P