Lucene search
K

10 matches found

F5 Networks
F5 Networks
added 2023/02/21 7:50 p.m.44 views

K15873: cURL/libcURL vulnerability CVE-2014-2522

Security Advisory Description curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a...

4CVSS5AI score0.02576EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.45 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1172)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.9AI score0.08031EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 1:25 a.m.36 views

Security Bulletin: IBM ToolsCenter is affected by several cURL potential vulnerabilities (CVE-2014-0015, CVE-2014-0139, CVE-2014-0138, CVE-2014-2522)

Summary Security vulnerabilities have been discovered in cURL that were reported in January and March of 2014 by the cURL project. Vulnerability Details Abstract Security vulnerabilities have been discovered in cURL that were reported in January and March of 2014 by the cURL project. Content...

6.4CVSS0.9AI score0.05599EPSS
Exploits2
F5 Networks
F5 Networks
added 2014/11/27 12:0 a.m.37 views

SOL15873 - cURL/libcURL vulnerability CVE-2014-2522

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...

4CVSS1.6AI score0.02576EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2014/04/18 10:14 p.m.34 views

CVE-2014-2522

curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP...

4CVSS6.4AI score0.02576EPSS
Exploits1References1
Cvelist
Cvelist
added 2014/04/18 7:0 p.m.35 views

CVE-2014-2522

curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP...

7.1AI score0.02576EPSS
Exploits1References12
CVE
CVE
added 2014/04/18 7:0 p.m.76 views

CVE-2014-2522

CVE-2014-2522 affects curl/libcurl running on Windows with the SChannel/WinSSL TLS backend when accessing URLs using a numerical IP address. The root cause is that hostname verification against the certificate’s CN or subjectAltName is not performed, enabling MITM-style spoofing with an arbitrary...

4CVSS6AI score0.02576EPSS
Exploits1References12Affected Software2
Debian CVE
Debian CVE
added 2014/04/18 7:0 p.m.44 views

CVE-2014-2522

curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP...

4CVSS4.8AI score0.02576EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2014/03/31 12:0 a.m.39 views

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : curl (SSA:2014-086-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2014-086-01. The text itsel...

6.4CVSS6.2AI score0.0508EPSS
Exploits3References5
seebug.org
seebug.org
added 2014/03/21 12:0 a.m.74 views

cURL/libcURL SSL证书验证安全限制绕过漏洞

BUGTRAQ ID: 66296 CVE ID: CVE-2014-2522 cURL是命令行传输文件工具,支持FTP、FTPS、HTTP、HTTPS、GOPHER、TELNET、DICT、FILE和LDAP。 cURL/libcURL在服务器证书的验证上存在安全漏洞,成功利用后可导致中间人攻击或服务器欺骗。 0 cURL 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://curl.haxx.se/...

4CVSS8.6AI score0.02576EPSS
Exploits1
Rows per page
Query Builder