6 matches found
Mageia: Security Advisory (MGASA-2014-0353)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated serf packages fix CVE-2014-3504
Updated serf packages fix security vulnerability: Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter...
MGASA-2014-0353 Updated serf packages fix CVE-2014-3504
Updated serf packages fix security vulnerability: Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter...
Fedora Update for libserf FEDORA-2014-9367
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2014-3504
The 1 serfsslcertissuer, 2 serfsslcertsubject, and 3 serfsslcertcertificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof...
CVE-2014-3504
CVE-2014-3504 (Serf) affects the Serf SSL certificate handling in Serf 0.2.0–1.3.x prior to 1.3.7, where a NUL byte in a domain name within the certificate’s subject CN could allow a remote attacker to spoof an SSL server (MITM). The issue stems from improper parsing/validation of CN in X.509 cer...