9 matches found
Improper Certificate Validation in vt-ldap
DefaultHostnameVerifier in Ldaptive formerly vt-ldap does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Security Bulletin: Ldaptive as used in IBM QRadar SIEM is vulnerable to spoofing (CVE-2014-3607)
Summary Ldaptive as used in IBM QRadar SIEM is vulnerable to spoofing Vulnerability Details CVEID: CVE-2014-3607 DESCRIPTION: Ldaptive could allow a remote attacker to conduct spoofing attack in DefaultHostnameVerifier, caused by the failure to properly verify that the server hostname matches a...
Code injection
DefaultHostnameVerifier in Ldaptive formerly vt-ldap does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2014-3607
DefaultHostnameVerifier in Ldaptive formerly vt-ldap does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2014-3607
DefaultHostnameVerifier in Ldaptive formerly vt-ldap does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
DEBIAN-CVE-2014-3607
DefaultHostnameVerifier in Ldaptive formerly vt-ldap does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2014-3607
DefaultHostnameVerifier in Ldaptive formerly vt-ldap does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2014-3607
DefaultHostnameVerifier in Ldaptive formerly vt-ldap does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2014-3607
CVE-2014-3607 affects Ldaptive (formerly vt-ldap) and its DefaultHostnameVerifier, which fails to ensure the server hostname matches a domain name in the X.509 certificate’s CN. This allows remote attackers to perform a MITM spoofing attack by using an arbitrary valid certificate. The issue is ob...