CVE-2013-4073 in Mac OS X
Summary (English)
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a \0 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Reserved
2013. 06. 09.
Published
2013. 08. 17.
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 10940 | Apple Mac OS X Ruby weak encryption | 310 | Not defined | Official fix | CVE-2013-4073 |
| 9299 | Ruby SSL Module ssl.rb SSL.verify_certificate_identity weak encryption | 310 | Proof-of-Concept | Official fix | CVE-2013-4073 |