Описание
LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Уязвимые конфигурации
Конфигурация 1Версия до 3.2.1.83 (включая)
Одновременно
cpe:2.3:a:linecorp:line:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Конфигурация 2Версия до 3.2.1 (включая)
Одновременно
cpe:2.3:a:linecorp:line:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00129
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
github
больше 3 лет назад
LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
EPSS
Процентиль: 33%
0.00129
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-310