Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:3406
HistoryFeb 02, 2017 - 8:25 a.m.

Spoofing SSL Servers Via An Arbitrary Valid Certificate.

2017-02-0208:25:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7

EPSS

0.001

Percentile

41.5%

JSON

AFNetworking has a flaw which allows attackers to spoof SSL servers. The vulnerability exists because the default value for AFSecurityPolicy.validatesDomainName is not set to Yes. Therefore, it does not perform verification of a server hostname against the domain name in the subject’s Common Name (CN) of the X.509 certificate.

Related

prion 1
owncloud 3
nvd 1
cve 1
cvelist 1
prion
prion
Default configuration
2015-10-27 16:59:00
owncloud
owncloud
Improper validation of certificates within the iOS application
2015-08-31 00:00:00
Improper validation of certificates within the iOS application - ownCloud
2015-08-31 11:45:37
Mobile App: Improper validation of certificates within the iOS application
2015-08-03 14:56:11
nvd
nvd
CVE-2015-3996
2015-10-27 16:59:00
cve
cve
CVE-2015-3996
2015-10-27 16:59:00
cvelist
cvelist
CVE-2015-3996
2015-10-27 16:00:00

EPSS

0.001

Percentile

41.5%

JSON
Related for VERACODE:3406
prion1owncloud3nvd1cve1cvelist1