6 matches found
CVE-2014-0350
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...
CVE-2014-0350
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...
Code injection
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...
CVE-2014-0350
The CVE concerns POCO C++ Libraries’ NetSSL X509Certificate::verify in Poco::Net, vulnerable before 1.4.6p4 to MITM via crafted DNS PTRs during server-name wildcard comparison. Affected product: POCO’s NetSSL in POCO C++ Libraries; root cause: weak validation of X.509 CN/SAN matching against wild...
CVE-2014-0350
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...
POCO C++ Libraries NetSSL library fails to properly validate wildcard certificates
Overview The POCO C++ Libraries NetSSL library fails to properly validate wildcard certificates, allowing an attacker to trick the victim application into trusting a malicious certificate. Description CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action Guenter Obiltschnig o...