Описание
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
Ссылки
- Mailing ListRelease NotesVendor Advisory
- Third Party Advisory
- ProductVendor Advisory
- Release NotesVendor Advisory
- Mailing ListRelease NotesVendor Advisory
- Third Party Advisory
- ProductVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
An issue was discovered in Erlang/OTP before 23.2.2. The ssl applicati ...
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
Уязвимость языка программирования Erlang, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS
7.5 High
CVSS3
5 Medium
CVSS2