Security vulnerabilities have been discovered in Open Source cURL/libcURL that were reported on March 26, 2014 by the cURL/libcURL Project.
CVE-ID: CVE-2014-0139
**DESCRIPTION:** cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by an error in the hostmatch() function when validating certificates containing an IP address with a wildcard match within the Common Name field. By sending a specially-crafted SSL certificate containing wildcard characters, a remote attacker could exploit this vulnerability to spoof the server and launch further attacks on the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92130> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
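
The wildcard handling described for CVE-2014-0139, shown as an added C example that is not code from cURL, libcURL or this bulletin: a matcher that lets a wildcard cover part of an IP address, beside a hardened form that refuses wildcards for IP literals. The function names `naive_match`, `strict_match` and `is_ip_literal`, and the sample host and Common Name values, are hypothetical.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Returns 1 when host parses as an IPv4 or IPv6 literal. */
static int is_ip_literal(const char *host)
{
    struct in_addr a4;
    struct in6_addr a6;
    return inet_pton(AF_INET, host, &a4) == 1 ||
           inet_pton(AF_INET6, host, &a6) == 1;
}

/* Flawed matcher: "*." may stand for the first label of ANY host string,
 * so an IP address is treated like a DNS name. */
int naive_match(const char *host, const char *pattern)
{
    const char *rest;
    if (strncmp(pattern, "*.", 2) != 0)
        return strcasecmp(host, pattern) == 0;
    rest = strchr(host, '.');
    return rest != NULL && strcasecmp(rest, pattern + 1) == 0;
}

/* Hardened matcher: wildcards never apply to IP literals. */
int strict_match(const char *host, const char *pattern)
{
    const char *rest;
    if (strncmp(pattern, "*.", 2) != 0)
        return strcasecmp(host, pattern) == 0;   /* exact match only */
    if (is_ip_literal(host))
        return 0;                                /* no wildcard for IPs */
    if (strchr(pattern + 2, '.') == NULL)
        return 0;      /* assumption of this example: reject "*.com" */
    rest = strchr(host, '.');
    return rest != NULL && rest != host &&
           strcasecmp(rest, pattern + 1) == 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the bulletin. */
    const char *host = "192.168.0.1", *cn = "*.168.0.1";
    printf("naive:  %d\n", naive_match(host, cn));
    printf("strict: %d\n", strict_match(host, cn));
    return 0;
}
```
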
CVE-ID: CVE-2014-0138
**DESCRIPTION:** cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the re-use of previously used connections when processing new requests. An attacker could exploit this vulnerability to hijack the privileges of a different user’s session and launch further attacks on the system.
CVSS Base Score: 6.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92131> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P)
SSM 4.0.0 FP1 - FP14 and Interim Fix 14-02
SSM 4.0.1 FP1 and Interim Fix 01-01
For Version 4.0.0
- Apply SSM 4.0.0.14 Interim Fix 03:
http://www.ibm.com/support/docview.wss?uid=isg400001838
For Version 4.0.1
- Apply SSM 4.0.1.1 Interim Fix 02:
http://www.ibm.com/support/docview.wss?uid=isg400001832
None known
CPE

Name | Operator | Version |
---|---|---|
netcool/system service monitor | eq | 4.0 |