Lucene search

[email protected]NVD:CVE-2014-2900

HistoryApr 22, 2014 - 2:23 p.m.

CVE-2014-2900

2014-04-2214:23:36

CWE-310

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.8%

JSON

wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.

Affected configurations

NVD

Node

yasslcyasslRange≤2.9.0

yasslcyasslMatch0.2.0

yasslcyasslMatch0.3.0

yasslcyasslMatch0.4.0

yasslcyasslMatch0.5.0

yasslcyasslMatch0.5.5

yasslcyasslMatch0.6.0

yasslcyasslMatch0.6.2

yasslcyasslMatch0.6.3

yasslcyasslMatch0.8.0

yasslcyasslMatch0.9.0

yasslcyasslMatch0.9.6

yasslcyasslMatch0.9.8

yasslcyasslMatch0.9.9

yasslcyasslMatch1.0.0rc1

yasslcyasslMatch1.0.0rc2

yasslcyasslMatch1.0.0rc3

yasslcyasslMatch1.0.2

yasslcyasslMatch1.0.3

yasslcyasslMatch1.0.6

yasslcyasslMatch1.1.0

yasslcyasslMatch1.2.0

yasslcyasslMatch1.3.0

yasslcyasslMatch1.4.0

yasslcyasslMatch1.5.0

yasslcyasslMatch1.5.4

yasslcyasslMatch1.5.6

yasslcyasslMatch1.6.0

yasslcyasslMatch1.6.5

yasslcyasslMatch1.8.0

yasslcyasslMatch1.9.0

yasslcyasslMatch2.0.0rc1

yasslcyasslMatch2.0.0rc2

yasslcyasslMatch2.0.0rc3

yasslcyasslMatch2.0.2

yasslcyasslMatch2.0.6

yasslcyasslMatch2.0.8

yasslcyasslMatch2.2.0

yasslcyasslMatch2.3.0

yasslcyasslMatch2.4.0

yasslcyasslMatch2.4.6

yasslcyasslMatch2.5.0

yasslcyasslMatch2.6.0

yasslcyasslMatch2.7.0

yasslcyasslMatch2.8.0

References

seclists.org/oss-sec/2014/q2/126

seclists.org/oss-sec/2014/q2/130

secunia.com/advisories/57743

www.securityfocus.com/bid/66780

www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html

www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html

security.gentoo.org/glsa/201612-53

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.8%

JSON

Related for NVD:CVE-2014-2900

cvelist1 cve1 prion1 nessus1 gentoo1