Lucene search

K
cve[email protected]CVE-2013-4488
HistoryOct 10, 2014 - 1:55 a.m.

CVE-2013-4488

2014-10-1001:55:07
CWE-310
web.nvd.nist.gov
27
cve-2013-4488
libgadu
ssl
certificate verification
vulnerability
man-in-the-middle

6.1 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

48.9%

libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.

Affected configurations

NVD
Node
libgadulibgaduRange1.11.4
CPENameOperatorVersion
libgadu:libgadulibgadule1.11.4

6.1 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

48.9%