Lucene search
K

6 matches found

OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.22 views

Mageia: Security Advisory (MGASA-2014-0353)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4CVSS8.1AI score0.0315EPSS
Exploits0References4
Mageia
Mageia
added 2014/08/26 11:4 p.m.35 views

Updated serf packages fix CVE-2014-3504

Updated serf packages fix security vulnerability: Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter...

4CVSS7.5AI score0.0315EPSS
Exploits0References2
OSV
OSV
added 2014/08/26 11:4 p.m.6 views

MGASA-2014-0353 Updated serf packages fix CVE-2014-3504

Updated serf packages fix security vulnerability: Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter...

4CVSS6AI score0.0315EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2014/08/23 12:0 a.m.23 views

Fedora Update for libserf FEDORA-2014-9367

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4CVSS7.8AI score0.0315EPSS
Exploits0References2
OSV
OSV
added 2014/08/19 6:55 p.m.13 views

CVE-2014-3504

The 1 serfsslcertissuer, 2 serfsslcertsubject, and 3 serfsslcertcertificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof...

4CVSS6AI score0.05581EPSS
Exploits0References9
CVE
CVE
added 2014/08/19 6:0 p.m.84 views

CVE-2014-3504

CVE-2014-3504 (Serf) affects the Serf SSL certificate handling in Serf 0.2.0–1.3.x prior to 1.3.7, where a NUL byte in a domain name within the certificate’s subject CN could allow a remote attacker to spoof an SSL server (MITM). The issue stems from improper parsing/validation of CN in X.509 cer...

4CVSS8AI score0.0315EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder