CVE-2015-2674

Опубликовано: 09 авг. 2017

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument.

Ссылки

http://www.openwall.com/lists/oss-security/2015/03/23/7
Mailing List
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1202837
Issue Tracking
Third Party Advisory
VDB Entry
https://github.com/benoitc/restkit/issues/140
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/03/23/7
Mailing List
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1202837
Issue Tracking
Third Party Advisory
VDB Entry
https://github.com/benoitc/restkit/issues/140
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:restkit:restkit:-:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.0034

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

CVE-2015-2674

CVSS3: 5.9

ubuntu

больше 8 лет назад

Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument.

CVE-2015-2674

CVSS3: 5.9

debian

больше 8 лет назад

Restkit allows man-in-the-middle attackers to spoof TLS servers by lev ...

GHSA-p9cv-hrxr-fxx8

CVSS3: 5.9

github

больше 3 лет назад

Restkit Does Not Validate TLS certificates

EPSS

Процентиль: 56%

0.0034

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295