Описание
wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.
wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-2900
- https://security.gentoo.org/glsa/201612-53
- http://seclists.org/oss-sec/2014/q2/126
- http://seclists.org/oss-sec/2014/q2/130
- http://secunia.com/advisories/57743
- http://www.securityfocus.com/bid/66780
- http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html
- http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html
EPSS
Процентиль: 52%
0.00285
Низкий
CVE ID
Связанные уязвимости
nvd
почти 12 лет назад
wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.
debian
почти 12 лет назад
wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certifica ...
EPSS
Процентиль: 52%
0.00285
Низкий