Lucene search

K

[email protected]NVD:CVE-2014-1263

HistoryFeb 27, 2014 - 1:55 a.m.

CVE-2014-1263

2014-02-2701:55:04

CWE-310

[email protected]

web.nvd.nist.gov

1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.1%

curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.

Affected configurations

NVD

Node

applemac_os_xRange≤10.9.1

OR

applemac_os_xMatch10.9

References

curl.haxx.se/docs/adv_20140326C.html

secunia.com/advisories/57836

secunia.com/advisories/57966

secunia.com/advisories/57968

support.apple.com/kb/HT6150

twitter.com/agl__/statuses/437029812046422016

twitter.com/okoeroo/statuses/437272014043496449

www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

gist.github.com/rmoriz/fb2b0a6a0ce10550ab73

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.1%

Related for NVD:CVE-2014-1263

prion1 f52 cvelist1 cve1 debiancve1 veracode1 securityvulns4 openvas2 nessus2 slackware1 hackerone1 seebug1