Lucene search

[email protected]CVE-2012-6086

HistoryJan 29, 2014 - 6:55 p.m.

CVE-2012-6086

2014-01-2918:55:26

CWE-310

[email protected]

web.nvd.nist.gov

cve-2012-6086

zabbix

libcurl

ssl

man-in-the-middle

certificate spoofing

nvd

9 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

31.9%

JSON

libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Affected configurations

NVD

Node

zabbixzabbixMatch1.8.1

zabbixzabbixMatch1.8.10rc1

zabbixzabbixMatch1.8.10rc2

zabbixzabbixMatch1.8.15rc1

zabbixzabbixMatch1.8.16

zabbixzabbixMatch2.0.0

zabbixzabbixMatch2.0.0rc1

zabbixzabbixMatch2.0.0rc2

zabbixzabbixMatch2.0.0rc3

zabbixzabbixMatch2.0.0rc4

zabbixzabbixMatch2.0.0rc5

zabbixzabbixMatch2.0.0rc6

zabbixzabbixMatch2.0.1

zabbixzabbixMatch2.0.1rc1

zabbixzabbixMatch2.0.1rc2

zabbixzabbixMatch2.0.2

zabbixzabbixMatch2.0.3

zabbixzabbixMatch2.0.4

zabbixzabbixMatch2.0.5

zabbixzabbixMatch2.0.6

zabbixzabbixMatch2.1.0

zabbixzabbixMatch2.1.1

CPENameOperatorVersion
zabbix:zabbixzabbixeq1.8.1
zabbix:zabbixzabbixeq1.8.10
zabbix:zabbixzabbixeq1.8.15
zabbix:zabbixzabbixeq1.8.16
zabbix:zabbixzabbixeq2.0.0
zabbix:zabbixzabbixeq2.0.1
zabbix:zabbixzabbixeq2.0.2
zabbix:zabbixzabbixeq2.0.3
zabbix:zabbixzabbixeq2.0.4
zabbix:zabbixzabbixeq2.0.5

CPE	Name	Operator	Version
zabbix:zabbix	zabbix	eq	1.8.1
zabbix:zabbix	zabbix	eq	1.8.10
zabbix:zabbix	zabbix	eq	1.8.15
zabbix:zabbix	zabbix	eq	1.8.16
zabbix:zabbix	zabbix	eq	2.0.0
zabbix:zabbix	zabbix	eq	2.0.1
zabbix:zabbix	zabbix	eq	2.0.2
zabbix:zabbix	zabbix	eq	2.0.3
zabbix:zabbix	zabbix	eq	2.0.4
zabbix:zabbix	zabbix	eq	2.0.5