CVE-2014-3504

Опубликовано: 19 авг. 2014

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Комментарий

CWE-297: Improper Validation of Certificate with Host Mismatch

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:serf_project:serf:0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:0.3.1:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:0.4.0:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:0.6.0:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:0.6.1:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:0.7.0:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:0.7.1:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:0.7.2:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:serf_project:serf:1.3.6:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02097

Низкий

4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2014-3504

ubuntu

больше 11 лет назад

CVE-2014-3504

debian

больше 11 лет назад

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ ...

GHSA-4425-mwr9-99xc

github

больше 3 лет назад

EPSS

Процентиль: 84%

0.02097

Низкий

4 Medium

CVSS2

Дефекты

NVD-CWE-Other