Описание
Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.
Ссылки
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
- Vendor Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.
Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.
Mercurial before 1.6.4 fails to verify the Common Name field of SSL ce ...
Mercurial Improper Certificate Validation vulnerability
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2