CVE-2012-6086

Published: 29/01/2014 Updated: 18/08/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

libs/zbxmedia/eztexting.c in Zabbix 1.8.x prior to 1.8.18rc1, 2.0.x prior to 2.0.8rc1, and 2.1.x prior to 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
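
An added example, not taken from the advisory or from Zabbix: a source audit that flags libcurl calls where CURLOPT_SSL_VERIFYHOST is not the literal 2 or CURLOPT_SSL_VERIFYPEER is 0. The function names and the C sample are constructed for illustration and do not reproduce eztexting.c; values produced by a function call are outside what this pattern parses.

```python
import re

# curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST|PEER, value); the call may span lines.
SETOPT = re.compile(r"curl_easy_setopt\s*\(\s*[^,]+,\s*(CURLOPT_SSL_VERIFY(?:HOST|PEER))"
                    r"\s*,\s*((?:\([^)]*\)\s*)?[^()]+?)\s*\)")
LITERAL = re.compile(r"^(?:\(\s*long\s*\)\s*)?(\d+)[lL]?$")
NOISE = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*', re.S)

def strip_comments(src):
    """Blank out C comments (keeping newlines so line numbers hold); leave strings alone."""
    def repl(m):
        text = m.group(0)
        return text if text.startswith('"') else "\n" * text.count("\n")
    return NOISE.sub(repl, src)

def audit(src):
    """Return (line, option, message) for each weak or unverifiable TLS setting."""
    code, findings = strip_comments(src), []
    for m in SETOPT.finditer(code):
        opt, raw = m.group(1), m.group(2)
        line = code.count("\n", 0, m.start()) + 1
        lit = LITERAL.match(raw)
        if lit is None:
            findings.append((line, opt, f"value '{raw}' is not a literal; review by hand"))
        elif opt.endswith("VERIFYHOST") and int(lit.group(1)) != 2:
            findings.append((line, opt, f"set to {raw}; libcurl documents 2L as the value "
                                        "that checks the certificate name against the host"))
        elif opt.endswith("VERIFYPEER") and int(lit.group(1)) == 0:
            findings.append((line, opt, "certificate chain verification disabled"))
    return findings

# Constructed sample; it does not reproduce Zabbix's eztexting.c.
SAMPLE = '''\
/* constructed sample */
curl_easy_setopt(h, CURLOPT_URL, "https://sms.example.invalid/send");
curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(h, CURLOPT_SSL_VERIFYHOST, 1L);
// curl_easy_setopt(h, CURLOPT_SSL_VERIFYHOST, 0L);
curl_easy_setopt(h2,
                 CURLOPT_SSL_VERIFYHOST, (long)2);
curl_easy_setopt(h3, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(h4, CURLOPT_SSL_VERIFYHOST, verify_host);
'''

if __name__ == "__main__":
    for line, opt, msg in audit(SAMPLE):
        print(f"line {line}: {opt}: {msg}")
```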

Vulnerable Product

zabbix zabbix 2.0.0

zabbix zabbix 2.0.1

zabbix zabbix 2.0.6

zabbix zabbix 2.1.0

zabbix zabbix 2.1.1

zabbix zabbix 2.0.5

zabbix zabbix 1.8.1

zabbix zabbix 1.8.10

zabbix zabbix 2.0.3

zabbix zabbix 1.8.16

zabbix zabbix 2.0.2

zabbix zabbix 2.0.4

zabbix zabbix 1.8.15

Vendor Advisories

Debian Bug report logs - #697443
zabbix: CVE-2012-6086: insecure curl usage
Package: zabbix; Maintainer for zabbix is Dmitry Smirnov <onlyjob@debian.org>; Reported by: Henri Salo <henri@nerv.fi>
Date: Sat, 5 Jan 2013 13:06:04 UTC
Severity: important
Tags: security
Found in version 1:202+dfsg-4
Fixed in version za ...