Veracode Vulnerability DatabaseVERACODE:11240Man-in-the-middle Attack
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Git is vulnerable to man-in-the-middle attack. The SSL X.509 v3 certificate validation on the IMAP server’s certificate does not check that the server’s hostname matched the one provided in the CN field of the server’s certificate.
| CPE | Name | Operator | Version |
|---|---|---|---|
| git | eq | 1.7.1__2.el6 | |
| git | eq | 1.7.1__2.el6_0.1 |
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=701586
lists.apple.com/archives/security-announce/2013/Sep/msg00007.html
lists.opensuse.org/opensuse-updates/2013-03/msg00005.html
lists.opensuse.org/opensuse-updates/2013-03/msg00007.html
marc.info/?l=git&m=136134619013145&w=2
rhn.redhat.com/errata/RHSA-2013-0589.html
secunia.com/advisories/52361
secunia.com/advisories/52443
secunia.com/advisories/52467
support.apple.com/kb/HT5937
www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
www.securityfocus.com/bid/58148
www.securitytracker.com/id/1028205
access.redhat.com/security/updates/classification/#moderate
bugzilla.novell.com/show_bug.cgi?id=804730
bugzilla.redhat.com/show_bug.cgi?id=909977
exchange.xforce.ibmcloud.com/vulnerabilities/82329
raw.github.com/git/git/master/Documentation/RelNotes/1.8.1.4.txt
rhn.redhat.com/errata/RHSA-2013-0589.html
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N