CVE-2013-1014

Published: 20/05/2013 Updated: 30/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 4.9 | Exploitability Score: 5.5

VMScore: 383

Vector: AV:A/AC:M/Au:N/C:P/I:P/A:N

Apple iTunes prior to 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle malicious users to spoof HTTPS servers via an arbitrary valid certificate.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple itunes 10.2
apple itunes 10.4
apple itunes 10.1.2
apple itunes 10.2.2.12
apple itunes 10.5.3
apple itunes 10.6
apple itunes 10.5.1.42
apple itunes 9.1.1
apple itunes 9.0.1
apple itunes 7.0.2
apple itunes 7.1.0
apple itunes 7.4.0
apple itunes 7.4.1
apple itunes 7.4.2
apple itunes 7.6.2
apple itunes 7.7
apple itunes 6.0.4
apple itunes 6.0.5
apple itunes 4.5
apple itunes 4.5.0
apple itunes 4.8.0
apple itunes 4.9.0
apple itunes 10.3
apple itunes 10.1
apple itunes 10.1.1
apple itunes 10.5.2
apple itunes 10.4.0.80
apple itunes 9.2
apple itunes 9.0.3
apple itunes 7.0.0
apple itunes 7.0.1
apple itunes 7.3.2
apple itunes 7.4
apple itunes 7.6.0
apple itunes 7.6.1
apple itunes 6.0.2
apple itunes 6.0.3
apple itunes 4.0.1
apple itunes 4.1.0
apple itunes 4.2.0
apple itunes 4.7.1
apple itunes 4.7.2
apple itunes 10.4.1
apple itunes 10.3.1
apple itunes 10.5
apple itunes 10.1.1.4
apple itunes 10.6.3
apple itunes 10.6.1
apple itunes 9.0.2
apple itunes 9.0.0
apple itunes 7.1.1
apple itunes 7.2.0
apple itunes 7.4.3
apple itunes 7.5
apple itunes 7.7.0
apple itunes 7.7.1
apple itunes 5.0
apple itunes 5.0.0
apple itunes 10.0
apple itunes 10.0.1
apple itunes 10.5.1
apple itunes 10.4.1.10
apple itunes 9.2.1
apple itunes 9.1
apple itunes 8.0.0
apple itunes 8.0.1
apple itunes 7.3.0
apple itunes 7.3.1
apple itunes 7.5.0
apple itunes 7.6
apple itunes 6.0.0
apple itunes 6.0.1
apple itunes 5.0.1
apple itunes 4.0.0
apple itunes 4.7
apple itunes 4.7.0
apple itunes 4.6
apple itunes 4.6.0
apple itunes

CWE-20 http://support.apple.com/kb/HT5766 http://lists.apple.com/archives/security-announce/2013/May/msg00000.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17605 https://nvd.nist.gov

Get Started

CVE-2013-1014

Vulnerability Summary

References

Vulmon Search

About

Products

Connect