Lucene search
RustsecRUSTSEC-2016-0002HistoryMay 09, 2016 - 12:00 p.m.
HTTPS MitM vulnerability due to lack of hostname verification
2016-05-0912:00:00
rustsec.org
9
0.001 Low
EPSS
Percentile
28.7%
When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not
perform hostname verification when making HTTPS requests.
This allows an attacker to perform MitM attacks by preventing any valid
CA-issued certificate, even if there’s a hostname mismatch.
The problem was addressed by leveraging rust-openssl’s built-in support for
hostname verification.
Related
github
github
HTTPS MitM vulnerability due to lack of hostname verification
2021-08-25 20:43:06
cvelist
cvelist
CVE-2016-10932
2019-08-26 12:01:57
cve
cve
CVE-2016-10932
2019-08-26 13:15:10
osv
osv
HTTPS MitM vulnerability due to lack of hostname verification
2016-05-09 12:00:00
CVE-2016-10932
2019-08-26 13:15:10
HTTPS MitM vulnerability due to lack of hostname verification
2021-08-25 20:43:06
prion
prion
Design/Logic Flaw
2019-08-26 13:15:00
nvd
nvd
CVE-2016-10932
2019-08-26 13:15:10
debiancve
debiancve
CVE-2016-10932
2019-08-26 13:15:10