ID | CVE-2014-1263 | ||||||
Sažetak | curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | ||||||
Reference |
|
||||||
CVSS |
|
||||||
Pristup |
|
||||||
Impact |
|
||||||
CVSS vektor | AV:N/AC:M/Au:N/C:P/I:N/A:N | ||||||
Zadnje važnije ažuriranje | 05-05-2014 - 05:32 | ||||||
Objavljeno | 27-02-2014 - 01:55 |