[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2019-15525: Missing TLS/SSL certificate validation in pw3270
From: Carlos Eduardo <carlosecg () gmail ! com>
Date: 2019-08-26 12:25:18
Message-ID: CAGrd=aPxL96DK6YLr30=Lw7si00wW=RHBmn7b5uSpHt1dQSBEQ () mail ! gmail ! com
[Download RAW message or body]
CVE: Missing TLS/SSL certificate validation in pw3270
Affected versions: all versions before 5.1
Description:
pw3270 is a GTK based tn3270 terminal emulator. Versions up to 5.0 are
vulnerable to a TLS/SSL certificate validation flaw, leading to attackers
in a MitM position being able to affect confidentiality, integrity and
availability of traffic between the client and host, including credentials
used. This flaw was fixed in version 5.1.
Mitigation:
Upgrade to version 5.1 and up.
This vulnerability was discovered by Carlos Gon=C3=A7alves.
---
Carlos Gon=C3=A7alves
IT Security Analyst
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic