Lucene search
PRIOn knowledge basePRION:CVE-2014-8151HistoryJan 15, 2015 - 3:59 p.m.
Code injection
2015-01-1515:59:00
PRIOn knowledge base
www.prio-n.com
4
The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Related
ubuntucve
ubuntucve
CVE-2014-8151
2015-01-15 00:00:00
debiancve
debiancve
CVE-2014-8151
2015-01-15 15:59:07
cve
cve
CVE-2014-8151
2015-01-15 15:59:07
nvd
nvd
CVE-2014-8151
2015-01-15 15:59:07
cvelist
cvelist
CVE-2014-8151
2015-01-15 15:00:00
ibm
ibm
hackerone
hackerone
curl: CVE-2024-2466: TLS certificate check bypass with mbedTLS
2024-03-14 11:49:49
openvas
openvas
Juniper Networks Junos OS Multiple cURL and libcurl Vulnerabilities
2016-05-07 00:00:00
nessus
nessus
GLSA-201701-47 : cURL: Multiple vulnerabilities
2017-01-20 00:00:00
Mac OS X < 10.10.5 Multiple Vulnerabilities
2015-10-16 00:00:00
Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities
2015-08-17 00:00:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2017-01-19 00:00:00
securityvulns
securityvulns
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006
2015-08-17 00:00:00
Apple Mac OS X / OS X Server multiple security vulnerabilities
2015-08-17 00:00:00