Описание
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks.
Ссылки
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
Уязвимые конфигурации
EPSS
7.4 High
CVSS3
5.8 Medium
CVSS2
Дефекты
Связанные уязвимости
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks.
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate va ...
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks.
EPSS
7.4 High
CVSS3
5.8 Medium
CVSS2