5.8

CVE-2014-0139

cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HaxxCurl Version7.10.6
HaxxCurl Version7.10.7
HaxxCurl Version7.10.8
HaxxCurl Version7.11.0
HaxxCurl Version7.11.1
HaxxCurl Version7.11.2
HaxxCurl Version7.12.0
HaxxCurl Version7.12.1
HaxxCurl Version7.12.2
HaxxCurl Version7.12.3
HaxxCurl Version7.13.0
HaxxCurl Version7.13.1
HaxxCurl Version7.13.2
HaxxCurl Version7.14.0
HaxxCurl Version7.14.1
HaxxCurl Version7.15.0
HaxxCurl Version7.15.1
HaxxCurl Version7.15.2
HaxxCurl Version7.15.3
HaxxCurl Version7.15.4
HaxxCurl Version7.15.5
HaxxCurl Version7.16.0
HaxxCurl Version7.16.1
HaxxCurl Version7.16.2
HaxxCurl Version7.16.3
HaxxCurl Version7.16.4
HaxxCurl Version7.17.0
HaxxCurl Version7.17.1
HaxxCurl Version7.18.0
HaxxCurl Version7.18.1
HaxxCurl Version7.18.2
HaxxCurl Version7.19.0
HaxxCurl Version7.19.1
HaxxCurl Version7.19.2
HaxxCurl Version7.19.3
HaxxCurl Version7.19.4
HaxxCurl Version7.19.5
HaxxCurl Version7.19.6
HaxxCurl Version7.19.7
HaxxCurl Version7.20.0
HaxxCurl Version7.20.1
HaxxCurl Version7.21.0
HaxxCurl Version7.21.1
HaxxCurl Version7.21.2
HaxxCurl Version7.21.3
HaxxCurl Version7.21.4
HaxxCurl Version7.21.5
HaxxCurl Version7.21.6
HaxxCurl Version7.21.7
HaxxCurl Version7.22.0
HaxxCurl Version7.23.0
HaxxCurl Version7.23.1
HaxxCurl Version7.24.0
HaxxCurl Version7.25.0
HaxxCurl Version7.26.0
HaxxCurl Version7.27.0
HaxxCurl Version7.28.0
HaxxCurl Version7.28.1
HaxxCurl Version7.29.0
HaxxCurl Version7.30.0
HaxxCurl Version7.31.0
HaxxCurl Version7.32.0
HaxxCurl Version7.33.0
HaxxCurl Version7.34.0
HaxxCurl Version7.35.0
HaxxLibcurl Version7.10.6
HaxxLibcurl Version7.10.7
HaxxLibcurl Version7.10.8
HaxxLibcurl Version7.11.0
HaxxLibcurl Version7.11.1
HaxxLibcurl Version7.11.2
HaxxLibcurl Version7.12.0
HaxxLibcurl Version7.12.1
HaxxLibcurl Version7.12.2
HaxxLibcurl Version7.12.3
HaxxLibcurl Version7.13.0
HaxxLibcurl Version7.13.1
HaxxLibcurl Version7.13.2
HaxxLibcurl Version7.14.0
HaxxLibcurl Version7.14.1
HaxxLibcurl Version7.15.0
HaxxLibcurl Version7.15.1
HaxxLibcurl Version7.15.2
HaxxLibcurl Version7.15.3
HaxxLibcurl Version7.15.4
HaxxLibcurl Version7.15.5
HaxxLibcurl Version7.16.0
HaxxLibcurl Version7.16.1
HaxxLibcurl Version7.16.2
HaxxLibcurl Version7.16.3
HaxxLibcurl Version7.16.4
HaxxLibcurl Version7.17.0
HaxxLibcurl Version7.17.1
HaxxLibcurl Version7.18.0
HaxxLibcurl Version7.18.1
HaxxLibcurl Version7.18.2
HaxxLibcurl Version7.19.0
HaxxLibcurl Version7.19.1
HaxxLibcurl Version7.19.2
HaxxLibcurl Version7.19.3
HaxxLibcurl Version7.19.4
HaxxLibcurl Version7.19.5
HaxxLibcurl Version7.19.6
HaxxLibcurl Version7.19.7
HaxxLibcurl Version7.20.0
HaxxLibcurl Version7.20.1
HaxxLibcurl Version7.21.0
HaxxLibcurl Version7.21.1
HaxxLibcurl Version7.21.2
HaxxLibcurl Version7.21.3
HaxxLibcurl Version7.21.4
HaxxLibcurl Version7.21.5
HaxxLibcurl Version7.21.6
HaxxLibcurl Version7.21.7
HaxxLibcurl Version7.22.0
HaxxLibcurl Version7.23.0
HaxxLibcurl Version7.23.1
HaxxLibcurl Version7.24.0
HaxxLibcurl Version7.25.0
HaxxLibcurl Version7.26.0
HaxxLibcurl Version7.27.0
HaxxLibcurl Version7.28.0
HaxxLibcurl Version7.28.1
HaxxLibcurl Version7.29.0
HaxxLibcurl Version7.30.0
HaxxLibcurl Version7.31.0
HaxxLibcurl Version7.32.0
HaxxLibcurl Version7.33.0
HaxxLibcurl Version7.34.0
HaxxLibcurl Version7.35.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.89% 0.909
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://secunia.com/advisories/57836
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
http://secunia.com/advisories/59458
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862
http://secunia.com/advisories/57966
http://secunia.com/advisories/57968
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html
http://secunia.com/advisories/58615
http://www-01.ibm.com/support/docview.wss?uid=swg21675820
http://www.debian.org/security/2014/dsa-2902
http://www.ubuntu.com/usn/USN-2167-1
http://advisories.mageia.org/MGASA-2015-0165.html
http://curl.haxx.se/docs/adv_20140326B.html
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:213