Описание
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.9.0 (исключая)
cpe:2.3:a:rust-openssl_project:rust-openssl:*:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00183
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-295
Связанные уязвимости
CVSS3: 8.1
ubuntu
больше 6 лет назад
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.
CVSS3: 8.1
debian
больше 6 лет назад
An issue was discovered in the openssl crate before 0.9.0 for Rust. Th ...
EPSS
Процентиль: 40%
0.00183
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-295