Lucene search
GoogleOSV:GHSA-273V-G3X4-R3RCHistoryMay 14, 2022 - 3:47 a.m.
Improper Certificate Validation in vt-ldap
2022-05-1403:47:38
Google
osv.dev
7
certificate validation
server hostname
x.509 certificate
man-in-the-middle
ssl servers
EPSS
0.001
Percentile
46.1%
DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject’s Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
shibboleth.net/community/advisories/secadv_20140919.txt
bugzilla.redhat.com/show_bug.cgi?id=1140438
code.google.com/archive/p/vt-middleware/issues/226
code.google.com/archive/p/vt-middleware/issues/227
code.google.com/archive/p/vt-middleware/issues/228
code.google.com/archive/p/vt-middleware/source/default/commits
code.google.com/p/vt-middleware/source/detail?r=3046
nvd.nist.gov/vuln/detail/CVE-2014-3607
Related
ubuntucve
ubuntucve
CVE-2014-3607
2018-01-08 00:00:00
prion
prion
Code injection
2018-01-08 19:29:00
cvelist
cvelist
CVE-2014-3607
2018-01-08 19:00:00
ibm
ibm
debiancve
debiancve
CVE-2014-3607
2018-01-08 19:29:00
github
github
Improper Certificate Validation in vt-ldap
2022-05-14 03:47:38
veracode
veracode
Certificate Spoofing
2018-11-20 08:55:54
cve
cve
CVE-2014-3607
2018-01-08 19:29:00
nvd
nvd
CVE-2014-3607
2018-01-08 19:29:00