exploitDog

CVE-2016-6550

Опубликовано: 05 окт. 2016

Источник: nvd

CVSS3: 5.4

CVSS2: 4.3

EPSS Низкий

Описание

The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Ссылки

http://www.kb.cert.org/vuls/id/338624
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/93259
http://www.kb.cert.org/vuls/id/338624
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/93259

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bb\&t:the_u:*:*:*:*:*:iphone_os:*:*

Версия до 1.5.4 (включая)

EPSS

Процентиль: 8%

0.0003

Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

GHSA-q6gq-22qv-8mhx

CVSS3: 5.4

github

больше 3 лет назад

The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

EPSS

Процентиль: 8%

0.0003

Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-310