What is the severity of CVE-2013-7449?

CVE-2013-7449 is considered a high severity vulnerability due to its potential to enable man-in-the-middle attacks.

How do I fix CVE-2013-7449?

To fix CVE-2013-7449, update HexChat to version 2.10.2 or later, or ensure compliance with XChat or XChat-GNOME's latest secure versions.

Which software is affected by CVE-2013-7449?

CVE-2013-7449 affects HexChat versions prior to 2.10.2, as well as XChat and XChat-GNOME without proper hostname verification.

Can CVE-2013-7449 allow attackers to impersonate a server?

Yes, CVE-2013-7449 allows man-in-the-middle attackers to spoof SSL servers through arbitrary valid certificates.

Where do I report issues related to CVE-2013-7449?

Issues related to CVE-2013-7449 can be reported in the respective projects' issue trackers or on relevant bug report platforms.

Vulnerability/
CVE-2013-7449

medium

6.5

CWE

310

28/3/2014

21/4/2016

12/5/2023

CVE-2013-7449

First published: Fri Mar 28 2014(Updated: )

The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/hexchat	<2.10.2	2.10.2
Ubuntu Linux	=12.04
Ubuntu Linux	=14.04
Ubuntu Linux	=15.10
XChat
XChat
HexChat	<=2.10.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-7449?
CVE-2013-7449 is considered a high severity vulnerability due to its potential to enable man-in-the-middle attacks.
How do I fix CVE-2013-7449?
To fix CVE-2013-7449, update HexChat to version 2.10.2 or later, or ensure compliance with XChat or XChat-GNOME's latest secure versions.
Which software is affected by CVE-2013-7449?
CVE-2013-7449 affects HexChat versions prior to 2.10.2, as well as XChat and XChat-GNOME without proper hostname verification.
Can CVE-2013-7449 allow attackers to impersonate a server?
Yes, CVE-2013-7449 allows man-in-the-middle attackers to spoof SSL servers through arbitrary valid certificates.
Where do I report issues related to CVE-2013-7449?
Issues related to CVE-2013-7449 can be reported in the respective projects' issue trackers or on relevant bug report platforms.

collector/redhat-bugzilla
alias/CVE-2013-7449
agent/type
agent/last-modified-date
agent/first-publish-date
agent/author
agent/weakness
agent/severity
agent/references
agent/softwarecombine
agent/tags
agent/description
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/redhat
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/12.04
version/ubuntu linux/14.04
version/ubuntu linux/15.10
vendor/xchat
canonical/xchat
vendor/hexchat project
canonical/hexchat
version/hexchat/2.10.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.