Description

Isync 0.4 before 1.0.6 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1.1.0-2 |
| cosmic | not-affected | 1.1.0-2 |
| devel | not-affected | 1.1.0-2 |
| esm-apps/bionic | not-affected | 1.1.0-2 |
| esm-apps/xenial | not-affected | 1.1.0-2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [1.1.0-2]] |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| oneiric | ignored | end of life |

CVSS2: 4.3 Medium