Lucene search

[email protected]NVD:CVE-2012-6086

HistoryJan 29, 2014 - 6:55 p.m.

CVE-2012-6086

2014-01-2918:55:26

CWE-310

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.2%

JSON

libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Affected configurations

NVD

Node

zabbixzabbixMatch1.8.1

zabbixzabbixMatch1.8.10rc1

zabbixzabbixMatch1.8.10rc2

zabbixzabbixMatch1.8.15rc1

zabbixzabbixMatch1.8.16

zabbixzabbixMatch2.0.0

zabbixzabbixMatch2.0.0rc1

zabbixzabbixMatch2.0.0rc2

zabbixzabbixMatch2.0.0rc3

zabbixzabbixMatch2.0.0rc4

zabbixzabbixMatch2.0.0rc5

zabbixzabbixMatch2.0.0rc6

zabbixzabbixMatch2.0.1

zabbixzabbixMatch2.0.1rc1

zabbixzabbixMatch2.0.1rc2

zabbixzabbixMatch2.0.2

zabbixzabbixMatch2.0.3

zabbixzabbixMatch2.0.4

zabbixzabbixMatch2.0.5

zabbixzabbixMatch2.0.6

zabbixzabbixMatch2.1.0

zabbixzabbixMatch2.1.1

References

www.openwall.com/lists/oss-security/2013/01/03/1

www.securityfocus.com/bid/57103

support.zabbix.com/browse/ZBX-5924

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.2%

JSON

Related for NVD:CVE-2012-6086

cve1 ubuntucve1 openvas12 prion1 fedora10 nessus4 debiancve1 cvelist1