Rapid7 Vulnerability & Exploit Database

RHSA-2010:0565: w3m security update

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: 06/16/2010
Created: 07/25/2018
Added: 07/28/2010
Modified: 07/04/2017

Description

The w3m program is a pager (or text file viewer) that can also be used as a text mode web browser.

It was discovered that w3m is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse w3m into accepting it by mistake. (CVE-2010-2074)

All w3m users should upgrade to these updated packages, which contain a backported patch to correct this issue.
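
The NUL-handling flaw described above, shown as an added example (not w3m's code and not the Red Hat patch): a certificate name is a length-delimited byte string, so a check that treats it as a C string only sees the part before the first NUL. The function names and the sample name are hypothetical, and case folding and wildcard matching are left out to keep the focus on NUL handling.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a certificate name field as length-delimited bytes,
 * the way ASN.1 stores it. The embedded NUL is part of the value. */
static const unsigned char SAMPLE_NAME[] = "www.trusted.example\0.other.example";
#define SAMPLE_NAME_LEN (sizeof(SAMPLE_NAME) - 1)

/* Flawed pattern: the field is handled as a C string, so the comparison
 * stops at the first NUL and the rest of the name is never examined. */
int name_matches_cstring(const unsigned char *name, size_t len, const char *host)
{
    (void)len; /* the recorded length is ignored, which is the bug */
    return strcmp((const char *)name, host) == 0;
}

/* Hardened pattern: reject any name containing a NUL byte, then require
 * the full recorded length to equal the expected host name. */
int name_matches_checked(const unsigned char *name, size_t len, const char *host)
{
    if (len == 0 || memchr(name, '\0', len) != NULL)
        return 0; /* malformed name: never a valid host name */
    if (strlen(host) != len)
        return 0;
    return memcmp(name, host, len) == 0;
}

int main(void)
{
    const char *host = "www.trusted.example";

    printf("C-string compare accepts: %d\n",
           name_matches_cstring(SAMPLE_NAME, SAMPLE_NAME_LEN, host));
    printf("length-aware compare accepts: %d\n",
           name_matches_checked(SAMPLE_NAME, SAMPLE_NAME_LEN, host));
    return 0;
}
```
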

Solution(s)

  • redhat-upgrade-w3m
  • redhat-upgrade-w3m-img
