Описание
The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.7.1 (включая)
Одновременно
Одно из
cpe:2.3:a:novell:kanaka:*:-:*:*:*:macos:*:*
cpe:2.3:a:novell:kanaka:2.7:-:*:*:*:macos:*:*
cpe:2.3:o:novell:open_enterprise_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00143
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate.
EPSS
Процентиль: 35%
0.00143
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-20