CVE-2014-0350

2014-04-2601:55:04

CWE-310

[email protected]

web.nvd.nist.gov

cve-2014-0350

netssl library

poco c++ libraries

man-in-the-middle attack

ssl servers

dns ptr

x.509 certificate

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.2%

JSON

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.

Affected configurations

NVD

Node

pocoprojectpoco_c\+\+_librariesRange≤1.4.6p3

pocoprojectpoco_c\+\+_librariesMatch1.4.5

pocoprojectpoco_c\+\+_librariesMatch1.4.6-

pocoprojectpoco_c\+\+_librariesMatch1.4.6p1

pocoprojectpoco_c\+\+_librariesMatch1.4.6p2

CPENameOperatorVersion
pocoproject:poco_c\+\+_librariespocoproject poco c++ librariesle1.4.6
pocoproject:poco_c\+\+_librariespocoproject poco c++ librarieseq1.4.5