4.3

CVE-2013-0308

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Git-scmGit Version <= 1.8.1.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.66% 0.736
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701586
http://lists.apple.com/archives/security-announce/2013/Sep/msg00007.html
http://lists.opensuse.org/opensuse-updates/2013-03/msg00005.html
http://lists.opensuse.org/opensuse-updates/2013-03/msg00007.html
http://marc.info/?l=git&m=136134619013145&w=2
http://rhn.redhat.com/errata/RHSA-2013-0589.html
http://secunia.com/advisories/52361
Vendor Advisory
http://secunia.com/advisories/52443
Vendor Advisory
http://secunia.com/advisories/52467
Vendor Advisory
http://support.apple.com/kb/HT5937
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/58148
http://www.securitytracker.com/id/1028205
https://bugzilla.novell.com/show_bug.cgi?id=804730
https://bugzilla.redhat.com/show_bug.cgi?id=909977
https://exchange.xforce.ibmcloud.com/vulnerabilities/82329
https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.1.4.txt