Lucene search
Ubuntu.comUB:CVE-2013-6422HistoryDec 17, 2013 - 12:00 a.m.
CVE-2013-6422
2013-12-1700:00:00
ubuntu.com
ubuntu.com
13
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
64.2%
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital
signature verification (CURLOPT_SSL_VERIFYPEER), also disables the
CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it
easier for remote attackers to spoof servers and conduct man-in-the-middle
(MITM) attacks.
Notes
| Author | Note |
|---|---|
| seth-arnold | Similar to but different from CVE-2013-4545 |
Related
securityvulns
securityvulns
cURL certificates spoofing
2013-12-23 00:00:00
[ MDVSA-2013:276 ] curl
2013-11-26 00:00:00
[USN-2058-1] curl vulnerability
2013-12-23 00:00:00
nessus
nessus
EulerOS 2.0 SP2 : curl (EulerOS-SA-2020-1626)
2020-06-17 00:00:00
Fedora 19 : mingw-curl-7.33.0-1.fc19 (2013-21887)
2013-12-02 00:00:00
SuSE 11.2 / 11.3 Security Update : curl (SAT Patch Numbers 8617 / 8621)
2014-01-03 00:00:00
openvas
openvas
Fedora Update for mingw-curl FEDORA-2013-22046
2014-02-05 00:00:00
Fedora Update for mingw-curl FEDORA-2013-21887
2013-12-03 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:0002-1)
2021-06-09 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: mingw-curl-7.33.0-1.fc20
2013-12-14 03:07:35
[SECURITY] Fedora 19 Update: mingw-curl-7.33.0-1.fc19
2013-12-02 09:35:24
[SECURITY] Fedora 20 Update: mingw-curl-7.37.0-1.fc20
2014-06-10 02:52:24
cve
cve
CVE-2013-4545
2013-11-23 11:55:00
CVE-2013-6422
2013-12-23 22:55:00
debian
debian
[SECURITY] [DSA 2798-2] curl security update
2013-11-20 22:16:54
[SECURITY] [DSA 2798-1] curl security update
2013-11-17 18:32:28
[SECURITY] [DSA 2798-1] curl security update
2013-11-17 18:32:28
ubuntu
ubuntu
curl vulnerability
2013-12-05 00:00:00
curl vulnerability
2013-12-18 00:00:00
mageia
mageia
Updated curl packages fix CVE-2013-4545
2013-11-21 00:56:39
freebsd
freebsd
cURL library -- cert name check ignore with GnuTLS
2013-12-17 00:00:00
f5
f5
SOL15150 - cURL and libcurl vulnerability CVE-2013-4545
2014-04-07 00:00:00
K15150 : cURL and libcurl vulnerability CVE-2013-4545
2014-04-07 00:00:00
prion
prion
Design/Logic Flaw
2013-11-23 11:55:00
Design/Logic Flaw
2013-12-23 22:55:00
ubuntucve
ubuntucve
CVE-2013-4545
2013-11-23 00:00:00
debiancve
debiancve
CVE-2013-4545
2013-11-23 11:55:00
CVE-2013-6422
2013-12-23 22:55:00
kaspersky
kaspersky
KLA10458 Multiple vulnerabilities in HP SMH
2014-01-10 00:00:00
hackerone
hackerone
curl: CVE-2024-2466: TLS certificate check bypass with mbedTLS
2024-03-14 11:49:49
gentoo
gentoo
cURL: Multiple vulnerabilities
2014-01-20 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in curl affect IBM Flex System Manager (FSM): (CVE-2013-2174 CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-013)
2019-01-31 01:30:01
rosalinux
rosalinux
Advisory ROSA-SA-2021-1818
2021-07-02 16:36:57
oracle
oracle
Oracle Critical Patch Update - April 2015
2015-04-14 00:00:00
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
64.2%
Related for UB:CVE-2013-6422