Lucene search
HistoryApr 22, 2014 - 2:23 p.m.
CVE-2014-2900
cve-2014-2900
wolfssl
cyassl
x.509
certificate validation
security vulnerability
man-in-the-middle
9.2 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
49.7%
wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.
Affected configurations
Node
yasslcyasslRange≤2.9.0
ORyasslcyasslMatch0.2.0
ORyasslcyasslMatch0.3.0
ORyasslcyasslMatch0.4.0
ORyasslcyasslMatch0.5.0
ORyasslcyasslMatch0.5.5
ORyasslcyasslMatch0.6.0
ORyasslcyasslMatch0.6.2
ORyasslcyasslMatch0.6.3
ORyasslcyasslMatch0.8.0
ORyasslcyasslMatch0.9.0
ORyasslcyasslMatch0.9.6
ORyasslcyasslMatch0.9.8
ORyasslcyasslMatch0.9.9
ORyasslcyasslMatch1.0.0rc1
ORyasslcyasslMatch1.0.0rc2
ORyasslcyasslMatch1.0.0rc3
ORyasslcyasslMatch1.0.2
ORyasslcyasslMatch1.0.3
ORyasslcyasslMatch1.0.6
ORyasslcyasslMatch1.1.0
ORyasslcyasslMatch1.2.0
ORyasslcyasslMatch1.3.0
ORyasslcyasslMatch1.4.0
ORyasslcyasslMatch1.5.0
ORyasslcyasslMatch1.5.4
ORyasslcyasslMatch1.5.6
ORyasslcyasslMatch1.6.0
ORyasslcyasslMatch1.6.5
ORyasslcyasslMatch1.8.0
ORyasslcyasslMatch1.9.0
ORyasslcyasslMatch2.0.0rc1
ORyasslcyasslMatch2.0.0rc2
ORyasslcyasslMatch2.0.0rc3
ORyasslcyasslMatch2.0.2
ORyasslcyasslMatch2.0.6
ORyasslcyasslMatch2.0.8
ORyasslcyasslMatch2.2.0
ORyasslcyasslMatch2.3.0
ORyasslcyasslMatch2.4.0
ORyasslcyasslMatch2.4.6
ORyasslcyasslMatch2.5.0
ORyasslcyasslMatch2.6.0
ORyasslcyasslMatch2.7.0
ORyasslcyasslMatch2.8.0
References
Related
cvelist
cvelist
CVE-2014-2900
2014-04-22 14:00:00
prion
prion
Code injection
2014-04-22 14:23:00
nvd
nvd
CVE-2014-2900
2014-04-22 14:23:36
nessus
nessus
GLSA-201612-53 : CyaSSL: Multiple vulnerabilities
2017-01-03 00:00:00
gentoo
gentoo
CyaSSL: Multiple vulnerabilities
2016-12-31 00:00:00
9.2 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
49.7%
Related for CVE-2014-2900