CVE-2017-7192

EPSS 0.22%
Veröffentlicht 06.04.2017 14:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Starscream Project ≫ Starscream Version <= 2.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.421

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://github.com/daltoniam/Starscream/commit/dbeb1190b8dcbff4f0b797f9e9d9b9b864d1f0d6

Patch

Third Party Advisory

https://github.com/daltoniam/Starscream/releases/tag/2.0.4

Third Party Advisory

Release Notes

http://seclists.org/bugtraq/2017/Apr/66

https://nvd.nist.gov/vuln/detail/CVE-2017-7192

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-7192

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-7192

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-7192