CVE-2010-2074

Name of the Vulnerable Software and Affected Versions w3m version 0.5.2

Description The issue arises when ssl verify server is enabled and the software fails to properly handle a '0' character in a domain name within the subject's Common Name or the Subject Alternative Name field of an X.509 certificate. This allows for man-in-the-middle attacks, where attackers can spoof arbitrary SSL servers using a crafted certificate issued by a legitimate Certification Authority.

Recommendations For w3m version 0.5.2, consider disabling the ssl verify server option as a temporary workaround until a patch is available. Restrict access to SSL servers to minimize the risk of exploitation. Avoid using certificates with '0' characters in domain names until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.