Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-0350

Опубликовано: 26 апр. 2014
Источник: nvd
CVSS2: 6.4
EPSS Низкий

Описание

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:pocoproject:poco_c\+\+_libraries:*:p3:*:*:*:*:*:*
Версия до 1.4.6 (включая)
cpe:2.3:a:pocoproject:poco_c\+\+_libraries:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:pocoproject:poco_c\+\+_libraries:1.4.6:-:*:*:*:*:*:*
cpe:2.3:a:pocoproject:poco_c\+\+_libraries:1.4.6:p1:*:*:*:*:*:*
cpe:2.3:a:pocoproject:poco_c\+\+_libraries:1.4.6:p2:*:*:*:*:*:*

EPSS

Процентиль: 42%
0.002
Низкий

6.4 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

ubuntu логотип

CVE-2014-0350

ubuntu
почти 12 лет назад

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.

debian логотип

CVE-2014-0350

debian
почти 12 лет назад

The Poco::Net::X509Certificate::verify method in the NetSSL library in ...

github логотип

GHSA-whgv-p774-rw69

github
больше 3 лет назад

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.

EPSS

Процентиль: 42%
0.002
Низкий

6.4 Medium

CVSS2

Дефекты

CWE-310