CVE-2014-0636

Опубликовано: 11 апр. 2014

Источник: nvd

CVSS2: 5.8

EPSS Низкий

Описание

EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2014-04/0069.html
Broken Link
http://www.securityfocus.com/bid/66791
Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-04/0069.html
Broken Link
http://www.securityfocus.com/bid/66791
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dell:bsafe_micro-edition-suite:3.2.0:*:*:*:*:*:*:*

cpe:2.3:a:dell:bsafe_micro-edition-suite:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:bsafe_micro-edition-suite:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:dell:bsafe_micro-edition-suite:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:dell:bsafe_micro-edition-suite:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:dell:bsafe_micro-edition-suite:3.2.5:*:*:*:*:*:*:*

cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.4:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00134

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

GHSA-w9vh-ww93-6g87

github

больше 3 лет назад