NetBeans Plugins SSL Certificate Validation Spoofing Vulnerability
BID:51955
Info
NetBeans Plugins SSL Certificate Validation Spoofing Vulnerability
| Bugtraq ID: | 51955 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 10 2012 12:00AM |
| Updated: | Feb 10 2012 12:00AM |
| Credit: | Carlos Pantelides |
| Vulnerable: |
NetBeans JIRA Plugin 0 NetBeans Bugzilla Plugin 0 |
| Not Vulnerable: | |
Discussion
NetBeans Plugins SSL Certificate Validation Spoofing Vulnerability
NetBeans plugins are prone to a security vulnerability that may allow attackers to conduct spoofing attacks.
Attackers can exploit this issue to spoof a valid server and conduct man-in-the-middle attacks. Successful exploits will cause victims to accept the certificates assuming they are from a legitimate site.
The following plugins are vulnerable:
JIRA plugin for NetBeans 1.2.1
Bugzilla plugin for NetBeans 1.15.1
Other versions may also be affected.
NetBeans plugins are prone to a security vulnerability that may allow attackers to conduct spoofing attacks.
Attackers can exploit this issue to spoof a valid server and conduct man-in-the-middle attacks. Successful exploits will cause victims to accept the certificates assuming they are from a legitimate site.
The following plugins are vulnerable:
JIRA plugin for NetBeans 1.2.1
Bugzilla plugin for NetBeans 1.15.1
Other versions may also be affected.
Exploit / POC
NetBeans Plugins SSL Certificate Validation Spoofing Vulnerability
Attackers can use readily available tools to exploit this issue.
Attackers can use readily available tools to exploit this issue.
Solution / Fix
NetBeans Plugins SSL Certificate Validation Spoofing Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
NetBeans Plugins SSL Certificate Validation Spoofing Vulnerability
References:
References: