CVE-2016-9952

The verifycertificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by ".com....

CVE-2016-9952

The verifycertificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by ".com....

CVE-2016-9952

The verifycertificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by ".com....

CVE-2016-9952

The CVE-2016-9952 issue affects libcurl (lib/vtls/schannel.c) in Windows CE builds using the schannel TLS backend. It arises in verify_certificate for libcurl versions 7.30.0 through 7.51.0 and allows remote attackers to perform MITM attacks by presenting a crafted wildcard SAN in the server cert...

CVE-2016-9952

The verifycertificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by ".com....

CURL-CVE-2016-9952 Win CE Schannel cert wildcard matches too much

curl's TLS server certificate checks are flawed on Windows CE. This vulnerability occurs in the verify certificate function when comparing a wildcard certificate name as returned by the Windows API function CertGetNameString to the hostname used to make the connection to the server. The...