exploitDog

CVE-2013-5606

Published: 19 Nov 2013
Source: redhat
CVSS2: 4.3

Description

The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 7 | nss | Not affected | | |
| Red Hat Enterprise Linux 5 | nspr | Fixed | RHSA-2013:1791 | 05.12.2013 |
| Red Hat Enterprise Linux 5 | nss | Fixed | RHSA-2013:1791 | 05.12.2013 |
| Red Hat Enterprise Linux 6 | nspr | Fixed | RHSA-2013:1829 | 12.12.2013 |
| Red Hat Enterprise Linux 6 | nss | Fixed | RHSA-2013:1829 | 12.12.2013 |
| Red Hat Enterprise Linux 6 | nss-util | Fixed | RHSA-2013:1829 | 12.12.2013 |
| RHEV 3.X Hypervisor and Agents for RHEL-6 | rhev-hypervisor6 | Fixed | RHSA-2014:0041 | 21.01.2014 |

Additional information

Status:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1031457
nss: CERT_VerifyCert returns SECSuccess (saying certificate is good) even for bad certificates (MFSA 2013-103)

4.3 Medium

CVSS2

Related vulnerabilities

ubuntu
almost 12 years ago

The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.

nvd
almost 12 years ago

The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.

debian
almost 12 years ago

The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Netw ...

github
more than 3 years ago

The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.

oracle-oval
more than 11 years ago

ELSA-2013-1829: nss, nspr, and nss-util security update (IMPORTANT)
