Description
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
| Release | Status | Note |
|---|---|---|
| devel | released | 7.35.0-1ubuntu2 |
| lucid | released | 7.19.7-1ubuntu1.7 |
| precise | released | 7.22.0-3ubuntu4.8 |
| quantal | released | 7.27.0-1ubuntu1.9 |
| saucy | released | 7.32.0-1ubuntu1.4 |
| upstream | released | 7.36.0 |
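
The flaw in the description comes down to wildcard matching being applied when the requested host is an IP literal. The following is an added example, not code from curl or from this page: `cert_name_matches` and its `reject_ip_wildcard` flag are hypothetical names, and the sample names in `main` are constructed. With the flag off the matcher shows the behaviour described above; with it on, an IP literal can only match exactly.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Returns 1 if s parses as an IPv4 or IPv6 address literal. */
static int is_ip_literal(const char *s)
{
    unsigned char buf[sizeof(struct in6_addr)];
    return inet_pton(AF_INET, s, buf) == 1 || inet_pton(AF_INET6, s, buf) == 1;
}

/* Match a certificate name (CN or dNSName) against the host the client
 * asked for. Returns 1 on match, 0 otherwise. reject_ip_wildcard is a
 * hypothetical switch used only to contrast weak and hardened behaviour. */
int cert_name_matches(const char *pattern, const char *host, int reject_ip_wildcard)
{
    const char *host_rest;

    /* An exact, case-insensitive match is always acceptable. */
    if (strcasecmp(pattern, host) == 0)
        return 1;
    /* Only a leading "*." is treated as a wildcard. */
    if (strncmp(pattern, "*.", 2) != 0)
        return 0;
    /* Hardened path: a wildcard never matches an IP literal. */
    if (reject_ip_wildcard && is_ip_literal(host))
        return 0;
    /* Refuse over-broad patterns such as "*.com". */
    if (strchr(pattern + 2, '.') == NULL)
        return 0;
    /* The wildcard stands for exactly one non-empty leftmost label. */
    host_rest = strchr(host, '.');
    if (host_rest == NULL || host_rest == host)
        return 0;
    return strcasecmp(pattern + 1, host_rest) == 0;
}

int main(void)
{
    /* Constructed sample names. */
    printf("weak:     *.2.3.4 vs 1.2.3.4 -> %d\n", cert_name_matches("*.2.3.4", "1.2.3.4", 0));
    printf("hardened: *.2.3.4 vs 1.2.3.4 -> %d\n", cert_name_matches("*.2.3.4", "1.2.3.4", 1));
    printf("hardened: *.example.com vs www.example.com -> %d\n",
           cert_name_matches("*.example.com", "www.example.com", 1));
    return 0;
}
```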
CVSS2: 5.8 Medium
Related vulnerabilities
Vulnerabilities in the Gentoo Linux operating system that allow a remote attacker to compromise the confidentiality and integrity of protected information