PT-2012-1321 · Qt+2

Thiago Macieira · Published 2012-06-19 · Updated 2021-06-16 · CVE-2010-5076

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Qt versions prior to 4.7.0-rc1

Description: The issue allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. This is possible because QSslSocket in Qt recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate.

Recommendations: For Qt versions prior to 4.7.0-rc1, update to version 4.7.0-rc1 or later to resolve the issue. As a temporary workaround, consider restricting the use of QSslSocket until a patch is available. Avoid using QSslSocket with certificates that contain wildcard IP addresses in the Common Name field until the issue is resolved.
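The check that went wrong here is the comparison of the certificate's name against the peer name the client connected to. The matcher below is an added example, not Qt's own code, that applies the rule a fixed client must enforce: a wildcard is honoured only as the whole left-most label of a DNS name with at least two further labels, and a peer addressed by an IP literal must match the certificate name exactly, so a Common Name such as `*` or `*.0.0.1` can no longer stand in for a server reached by IP. The function names are the example's own.

```cpp
#include <algorithm>
#include <cctype>
#include <sstream>
#include <string>
#include <vector>

// Split a dotted name into its labels ("www.example.com" -> {"www","example","com"}).
static std::vector<std::string> splitLabels(const std::string& name) {
    std::vector<std::string> labels;
    std::string label;
    std::istringstream in(name);
    while (std::getline(in, label, '.')) labels.push_back(label);
    return labels;
}

// DNS names are case-insensitive, so compare in lower case.
static std::string lowered(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return std::tolower(c); });
    return s;
}

// True for a dotted-quad IPv4 literal, or for anything containing ':' (IPv6 literal).
static bool isIPLiteral(const std::string& name) {
    if (name.find(':') != std::string::npos) return true;
    const std::vector<std::string> parts = splitLabels(name);
    if (parts.size() != 4) return false;
    for (const std::string& p : parts) {
        if (p.empty() || p.size() > 3) return false;
        for (unsigned char c : p) if (!std::isdigit(c)) return false;
        if (std::stoi(p) > 255) return false;
    }
    return true;
}

// Does the name presented in the certificate match the peer name the client
// connected to?  An IP-literal peer name must match byte for byte: wildcards
// are never interpreted against an address.  For DNS names a wildcard is
// accepted only as the entire left-most label, with at least two labels after it.
bool matchesPeerName(const std::string& certName, const std::string& peerName) {
    const std::string cert = lowered(certName);
    const std::string peer = lowered(peerName);
    if (isIPLiteral(peer) || cert.find('*') == std::string::npos) return cert == peer;
    const std::vector<std::string> c = splitLabels(cert);
    const std::vector<std::string> p = splitLabels(peer);
    if (c.size() != p.size() || c.size() < 3 || c[0] != "*") return false;
    for (size_t i = 1; i < c.size(); ++i)
        if (c[i].find('*') != std::string::npos || c[i] != p[i]) return false;
    return true;
}
```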

Related Identifiers

CESA-2012_0880
CVE-2010-5076
RHSA-2012:0880
RHSA-2012_0880

Affected Products

Centos
Qt
Red Hat