exploitDog

CVE-2016-7099

Published: 28 Sep 2016
Source: redhat
CVSS3: 7.4
CVSS2: 5.8
EPSS: Low

Description

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Mobile Application Platform 4 | nodejs | Not affected | | |
| Red Hat OpenShift Enterprise 2 | nodejs010-nodejs | Will not fix | | |
| Red Hat OpenShift Enterprise 3 | nodejs | Not affected | | |
| Red Hat Software Collections | nodejs010-nodejs | Will not fix | | |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-nodejs4-http-parser | Fixed | RHSA-2017:0002 | 02.01.2017 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-nodejs4-nodejs | Fixed | RHSA-2017:0002 | 02.01.2017 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | rh-nodejs4-http-parser | Fixed | RHSA-2017:0002 | 02.01.2017 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | rh-nodejs4-nodejs | Fixed | RHSA-2017:0002 | 02.01.2017 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nodejs4-http-parser | Fixed | RHSA-2017:0002 | 02.01.2017 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nodejs4-nodejs | Fixed | RHSA-2017:0002 | 02.01.2017 |

Additional information

Status:

Important
nodejs: wildcard certificates not properly validated
https://bugzilla.redhat.com/show_bug.cgi?id=1379921

EPSS

Percentile: 71%
0.00703
Low

7.4 High

CVSS3

5.8 Medium

CVSS2

Related vulnerabilities

CVSS3: 5.9
ubuntu
almost 9 years ago

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

CVSS3: 5.9
nvd
almost 9 years ago

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

CVSS3: 5.9
debian
almost 9 years ago

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, ...

CVSS3: 5.9
github
about 3 years ago

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

suse-cvrf
almost 9 years ago

Security update for nodejs4