CVE-2014-2522 in cURL정보

요약

\~에 의해 MITRE

curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

출처

Do you know our Splunk app?

Download it now for free!