Описание
OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1:6.0p1-1 |
| cosmic | not-affected | 1:6.0p1-1 |
| devel | not-affected | 1:6.0p1-1 |
| disco | not-affected | 1:6.0p1-1 |
| esm-apps/bionic | not-affected | 1:6.0p1-1 |
| esm-apps/xenial | not-affected | vulnerable code not built |
| esm-infra-legacy/trusty | not-affected | code not present |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needs-triage |
Показывать по
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate.
OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint re ...
OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate.
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3