exploitDog

CVE-2017-14709

Опубликовано: 12 июл. 2018

Источник: nvd

CVSS3: 7.4

CVSS2: 5.8

EPSS Низкий

Описание

The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Ссылки

https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/
Third Party Advisory
https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:komoot:komoot:*:*:*:*:*:iphone_os:*:*

Версия до 9.3.2 (исключая)

EPSS

Процентиль: 31%

0.00117

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-2cm7-8qxw-pw3h

CVSS3: 7.4

github

больше 3 лет назад

The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

EPSS

Процентиль: 31%

0.00117

Низкий

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-200