CVE-2014-2522 in cURLinfo

Zusammenfassung

von MITRE

curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservieren

17.03.2014

Veröffentlichung

18.04.2014

Moderieren

akzeptiert

Eintrag

VDB-12693

CPE

bereit

EPSS

0.02576

KEV

nein

Aktivitäten

very low

Quellen

Do you need the next level of professionalism?

Upgrade your account now!