Lucene search

Veracode Vulnerability DatabaseVERACODE:7291

HistoryAug 14, 2018 - 5:36 a.m.

Man-in-the-Middle (MitM)

2018-08-1405:36:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

libcurl.so is vulnerable to man-in-the-middle (MitM) attacks. The library does not properly verify the server name in the certificate, allowing a malicious user conducting an MitM attack to spoof servers.

CPENameOperatorVersion
libcurl.soeq4.3.0

CPE	Name	Operator	Version
	libcurl.so	eq	4.3.0

References

curl.haxx.se/docs/adv_20140326C.html

secunia.com/advisories/57836

secunia.com/advisories/57966

secunia.com/advisories/57968

support.apple.com/kb/HT6150

twitter.com/agl__/statuses/437029812046422016

twitter.com/okoeroo/statuses/437272014043496449

www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

curl.haxx.se/docs/adv_20140326C.html

gist.github.com/rmoriz/fb2b0a6a0ce10550ab73

github.com/curl/curl/commit/afc6e5004fabee

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:7291