CVE-2014-1492 in Mozilla Network Security Servicesinformación

Resumen (Inglés)

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name s U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

Reservar

2014-01-16

Divulgación

2014-03-25

Voces

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerabilidad	CWE	Exp	Con	CVE
12685	Mozilla Network Security Services p12creat.c sec_pkcs12_new_asafe escalada de privilegios	20	No probado	Arreglo oficial	CVE-2014-1492
12684	Mozilla Network Security Services Domain Name escalada de privilegios	20	No probado	Arreglo oficial	CVE-2014-1492

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you know our Splunk app?

Download it now for free!