Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2014-1263

Published: 27/02/2014 Updated: 05/05/2014
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Apple

Vulnerability Summary

curl and libcurl 7.27.0 up to and including 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x prior to 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle malicious users to spoof servers via an arbitrary valid certificate.

Vulnerable Product Search on Vulmon Subscribe to Product

apple mac os x 10.9

apple mac os x

References

CWE-310http://twitter.com/okoeroo/statuses/437272014043496449http://support.apple.com/kb/HT6150https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73http://twitter.com/agl__/statuses/437029812046422016http://secunia.com/advisories/57836http://secunia.com/advisories/57966http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/http://secunia.com/advisories/57968http://curl.haxx.se/docs/adv_20140326C.htmlhttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook