mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
108 lines
3.7 KiB
JSON
108 lines
3.7 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "cve@mitre.org",
|
|
"ID" : "CVE-2015-3008",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "n/a",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
|
|
"refsource" : "BUGTRAQ",
|
|
"url" : "http://www.securityfocus.com/archive/1/535222/100/0/threaded"
|
|
},
|
|
{
|
|
"name" : "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
|
|
"refsource" : "FULLDISC",
|
|
"url" : "http://seclists.org/fulldisclosure/2015/Apr/22"
|
|
},
|
|
{
|
|
"name" : "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html",
|
|
"refsource" : "MISC",
|
|
"url" : "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html"
|
|
},
|
|
{
|
|
"name" : "http://downloads.asterisk.org/pub/security/AST-2015-003.html",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
|
|
},
|
|
{
|
|
"name" : "http://advisories.mageia.org/MGASA-2015-0153.html",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://advisories.mageia.org/MGASA-2015-0153.html"
|
|
},
|
|
{
|
|
"name" : "DSA-3700",
|
|
"refsource" : "DEBIAN",
|
|
"url" : "http://www.debian.org/security/2016/dsa-3700"
|
|
},
|
|
{
|
|
"name" : "FEDORA-2015-5948",
|
|
"refsource" : "FEDORA",
|
|
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html"
|
|
},
|
|
{
|
|
"name" : "MDVSA-2015:206",
|
|
"refsource" : "MANDRIVA",
|
|
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206"
|
|
},
|
|
{
|
|
"name" : "74022",
|
|
"refsource" : "BID",
|
|
"url" : "http://www.securityfocus.com/bid/74022"
|
|
},
|
|
{
|
|
"name" : "1032052",
|
|
"refsource" : "SECTRACK",
|
|
"url" : "http://www.securitytracker.com/id/1032052"
|
|
}
|
|
]
|
|
}
|
|
}
|