10 matches found
K15873: cURL/libcURL vulnerability CVE-2014-2522
Security Advisory Description curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2019-1172)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM ToolsCenter is affected by several cURL potential vulnerabilities (CVE-2014-0015, CVE-2014-0139, CVE-2014-0138, CVE-2014-2522)
Summary Security vulnerabilities have been discovered in cURL that were reported in January and March of 2014 by the cURL project. Vulnerability Details Abstract Security vulnerabilities have been discovered in cURL that were reported in January and March of 2014 by the cURL project. Content...
SOL15873 - cURL/libcURL vulnerability CVE-2014-2522
Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...
CVE-2014-2522
curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP...
CVE-2014-2522
curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP...
CVE-2014-2522
CVE-2014-2522 affects curl/libcurl running on Windows with the SChannel/WinSSL TLS backend when accessing URLs using a numerical IP address. The root cause is that hostname verification against the certificate’s CN or subjectAltName is not performed, enabling MITM-style spoofing with an arbitrary...
CVE-2014-2522
curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP...
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : curl (SSA:2014-086-01)
New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2014-086-01. The text itsel...
cURL/libcURL SSL证书验证安全限制绕过漏洞
BUGTRAQ ID: 66296 CVE ID: CVE-2014-2522 cURL是命令行传输文件工具,支持FTP、FTPS、HTTP、HTTPS、GOPHER、TELNET、DICT、FILE和LDAP。 cURL/libcURL在服务器证书的验证上存在安全漏洞,成功利用后可导致中间人攻击或服务器欺骗。 0 cURL 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://curl.haxx.se/...