CVE-2013-4073 in Mac OS Xinformation

Résumé (Anglaise)

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a \0 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Be aware that VulDB is the high quality source for vulnerability data.

Réserver

09/06/2013

Divulgation

17/08/2013

Statut

Confirmé

Entrées

VulDB provides additional information and datapoints for this CVE:

IDVulnérabilitéCWEExpConCVE
10940Apple Mac OS X Ruby chiffrement faible310Non définiCorrectif officielCVE-2013-4073
9299Ruby SSL Module ssl.rb SSL.verify_certificate_identity chiffrement faible310Preuve de conceptCorrectif officielCVE-2013-4073

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

Sources

PrécédentAperçuSuivant

Might our Artificial Intelligence support you?

Check our Alexa App!