4 matches found

Veracode
added 2019/06/10 5:22 a.m., 17 views

MAN-IN-THE-MIDDLE

libcurl.so is vulnerable to man-in-the-middle attacks. A lack of validation of the TLS certificate and hostname in the mbed_connect_step1 function in lib/vtls/mbedtls.c and the polarssl_connect_step1 function in lib/vtls/polarssl.c allows a remote attacker to spoof servers and perform man-in-the-middle...

CVSS 5.3, AI score 5.6, EPSS 0.01068
Exploits: 0, References: 12, Affected Software: 2

Debian CVE
added 2016/05/20 12:0 a.m., 26 views

CVE-2016-3739

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid...

CVSS 5.3, AI score 5.7, EPSS 0.01068
Exploits: 0

CVE
added 2016/05/20 12:0 a.m., 93 views

CVE-2016-3739

CVE-2016-3739 affects curl/libcurl prior to 7.49.0. The flaw exists in the mbed_connect_step1 (mbedtls.c) and polarssl_connect_step1 (polarssl.c) code paths when using SSLv3 or TLS for a URL that resolves to a numerical IP address. This can enable remote attackers to spoof the TLS/SSL server by p...

CVSS 5.3, AI score 5.4, EPSS 0.01068
Exploits: 0, References: 11, Affected Software: 1

RedhatCVE
added 2016/05/18 8:48 a.m., 25 views

CVE-2016-3739

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid...

CVSS 5.3, AI score 5.3, EPSS 0.01068
Exploits: 0, References: 2