Описание
HTTPS MitM vulnerability due to lack of hostname verification
When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not perform hostname verification when making HTTPS requests.
This allows an attacker to perform MitM attacks by preventing any valid CA-issued certificate, even if there's a hostname mismatch.
The problem was addressed by leveraging rust-openssl's built-in support for hostname verification.
Ссылки
Пакеты
Наименование
hyper
rust
Затронутые версииВерсия исправления
< 0.9.4
0.9.4
Связанные уязвимости
CVSS3: 4.8
nvd
больше 6 лет назад
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted.
CVSS3: 4.8
debian
больше 6 лет назад
An issue was discovered in the hyper crate before 0.9.4 for Rust on Wi ...