8.1

CVE-2016-5672

Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IntelCrosswalk Version <= 19.49.514.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.74% 0.747
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.8 5.2
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://packetstormsecurity.com/files/138107/Intel-Crosswalk-Project-Man-In-The-Middle.html
Third Party Advisory
VDB Entry
http://www.kb.cert.org/vuls/id/217871
Third Party Advisory
US Government Resource
http://www.securityfocus.com/archive/1/539051/100/0/threaded
http://www.securityfocus.com/bid/92199
Third Party Advisory
VDB Entry
https://blogs.intel.com/evangelists/2016/07/28/crosswalk-security-vulnerability/
Vendor Advisory
https://crosswalk-project.org/jira/browse/XWALK-6986
Permissions Required
Technical Description
https://lists.crosswalk-project.org/pipermail/crosswalk-help/2016-July/002167.html
Vendor Advisory
https://wwws.nightwatchcybersecurity.com/2016/07/29/advisory-intel-crosswalk-ssl-prompt-issue
Third Party Advisory