4.3
CVE-2014-1492
- EPSS 1.77%
- Veröffentlicht 25.03.2014 13:25:38
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Network Security Services Version <= 3.15.5
Mozilla ≫ Network Security Services Version3.2
Mozilla ≫ Network Security Services Version3.2.1
Mozilla ≫ Network Security Services Version3.3
Mozilla ≫ Network Security Services Version3.3.1
Mozilla ≫ Network Security Services Version3.3.2
Mozilla ≫ Network Security Services Version3.4
Mozilla ≫ Network Security Services Version3.4.1
Mozilla ≫ Network Security Services Version3.4.2
Mozilla ≫ Network Security Services Version3.5
Mozilla ≫ Network Security Services Version3.6
Mozilla ≫ Network Security Services Version3.6.1
Mozilla ≫ Network Security Services Version3.7
Mozilla ≫ Network Security Services Version3.7.1
Mozilla ≫ Network Security Services Version3.7.2
Mozilla ≫ Network Security Services Version3.7.3
Mozilla ≫ Network Security Services Version3.7.5
Mozilla ≫ Network Security Services Version3.7.7
Mozilla ≫ Network Security Services Version3.8
Mozilla ≫ Network Security Services Version3.9
Mozilla ≫ Network Security Services Version3.11.2
Mozilla ≫ Network Security Services Version3.11.3
Mozilla ≫ Network Security Services Version3.11.4
Mozilla ≫ Network Security Services Version3.11.5
Mozilla ≫ Network Security Services Version3.12
Mozilla ≫ Network Security Services Version3.12.1
Mozilla ≫ Network Security Services Version3.12.2
Mozilla ≫ Network Security Services Version3.12.3
Mozilla ≫ Network Security Services Version3.12.3.1
Mozilla ≫ Network Security Services Version3.12.3.2
Mozilla ≫ Network Security Services Version3.12.4
Mozilla ≫ Network Security Services Version3.12.5
Mozilla ≫ Network Security Services Version3.12.6
Mozilla ≫ Network Security Services Version3.12.7
Mozilla ≫ Network Security Services Version3.12.8
Mozilla ≫ Network Security Services Version3.12.9
Mozilla ≫ Network Security Services Version3.12.10
Mozilla ≫ Network Security Services Version3.12.11
Mozilla ≫ Network Security Services Version3.14
Mozilla ≫ Network Security Services Version3.14.1
Mozilla ≫ Network Security Services Version3.14.2
Mozilla ≫ Network Security Services Version3.14.3
Mozilla ≫ Network Security Services Version3.14.4
Mozilla ≫ Network Security Services Version3.14.5
Mozilla ≫ Network Security Services Version3.15
Mozilla ≫ Network Security Services Version3.15.1
Mozilla ≫ Network Security Services Version3.15.2
Mozilla ≫ Network Security Services Version3.15.3
Mozilla ≫ Network Security Services Version3.15.3.1
Mozilla ≫ Network Security Services Version3.15.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.77% | 0.752 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://security.gentoo.org/glsa/201504-01
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.debian.org/security/2014/dsa-2994
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html
http://secunia.com/advisories/59866
http://secunia.com/advisories/60621
http://secunia.com/advisories/60794
http://www.mozilla.org/security/announce/2014/mfsa2014-45.html
http://www.securityfocus.com/bid/66356
http://www.ubuntu.com/usn/USN-2159-1
http://www.ubuntu.com/usn/USN-2185-1
https://bugzilla.mozilla.org/show_bug.cgi?id=903885
https://bugzilla.redhat.com/show_bug.cgi?id=1079851
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes
https://hg.mozilla.org/projects/nss/rev/709d4e597979