Published: 01/08/2016 Updated: 09/10/2018

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Intel Crosswalk prior to 19.49.514.5, 20.x prior to 20.50.533.11, 21.x prior to 21.51.546.0, and 22.x prior to 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle malicious users to spoof SSL servers and obtain sensitive information via a crafted certificate.

Vulnerable Product	Search on Vulmon	Subscribe to Product
intel crosswalk

CWE-310 CWE-20 https://wwws.nightwatchcybersecurity.com/2016/07/29/advisory-intel-crosswalk-ssl-prompt-issue https://lists.crosswalk-project.org/pipermail/crosswalk-help/2016-July/002167.html https://crosswalk-project.org/jira/browse/XWALK-6986 http://www.kb.cert.org/vuls/id/217871 https://blogs.intel.com/evangelists/2016/07/28/crosswalk-security-vulnerability/http://packetstormsecurity.com/files/138107/Intel-Crosswalk-Project-Man-In-The-Middle.html http://www.securityfocus.com/bid/92199 http://www.securityfocus.com/archive/1/539051/100/0/threaded https://nvd.nist.gov https://www.kb.cert.org/vuls/id/217871

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-5672

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect