Описание
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | uses system nss |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [uses system nss]] |
| lucid | not-affected | uses system nss |
| precise | not-affected | uses system nss |
| quantal | not-affected | uses system nss |
| saucy | not-affected | uses system nss |
| trusty | not-affected | uses system nss |
| trusty/esm | DNE | trusty was not-affected [uses system nss] |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 29.0+build1-0ubuntu0.14.04.2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [29.0+build1-0ubuntu0.14.04.2]] |
| lucid | ignored | end of life |
| precise | released | 29.0+build1-0ubuntu0.12.04.2 |
| quantal | released | 29.0+build1-0ubuntu0.12.10.3 |
| saucy | released | 29.0+build1-0ubuntu0.13.10.3 |
| trusty | released | 29.0+build1-0ubuntu0.14.04.2 |
| trusty/esm | DNE | trusty was released [29.0+build1-0ubuntu0.14.04.2] |
| upstream | released | 29.0 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2:3.15.4-1ubuntu7 |
| esm-infra-legacy/trusty | not-affected | 2:3.15.4-1ubuntu7 |
| lucid | released | 3.15.4-0ubuntu0.10.04.2 |
| precise | released | 3.15.4-0ubuntu0.12.04.2 |
| quantal | released | 3.15.4-0ubuntu0.12.10.2 |
| saucy | released | 2:3.15.4-0ubuntu0.13.10.2 |
| trusty | released | 2:3.15.4-1ubuntu7 |
| trusty/esm | not-affected | 2:3.15.4-1ubuntu7 |
| upstream | released | 3.16 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | uses system nss |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [uses system nss]] |
| lucid | DNE | |
| precise | DNE | |
| quantal | DNE | |
| saucy | DNE | |
| trusty | not-affected | uses system nss |
| trusty/esm | DNE | trusty was not-affected [uses system nss] |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| lucid | ignored | end of life |
| precise | not-affected | |
| quantal | ignored | end of life |
| saucy | ignored | end of life |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | needs-triage |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
The cert_TestHostName function in lib/certdb/certdb.c in the certifica ...
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
ELSA-2014-1073: nss, nss-util, nss-softokn security, bug fix, and enhancement update (LOW)
EPSS
4.3 Medium
CVSS2