mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-13 15:06:46 +00:00
107 lines
4.0 KiB
JSON
107 lines
4.0 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "cve@mitre.org",
|
|
"ID": "CVE-2015-3008",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html",
|
|
"refsource": "MISC",
|
|
"url": "http://packetstormsecurity.com/files/131364/Asterisk-Project-Security-Advisory-AST-2015-003.html"
|
|
},
|
|
{
|
|
"name": "74022",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/74022"
|
|
},
|
|
{
|
|
"name": "MDVSA-2015:206",
|
|
"refsource": "MANDRIVA",
|
|
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:206"
|
|
},
|
|
{
|
|
"name": "http://advisories.mageia.org/MGASA-2015-0153.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://advisories.mageia.org/MGASA-2015-0153.html"
|
|
},
|
|
{
|
|
"name": "1032052",
|
|
"refsource": "SECTRACK",
|
|
"url": "http://www.securitytracker.com/id/1032052"
|
|
},
|
|
{
|
|
"name": "http://downloads.asterisk.org/pub/security/AST-2015-003.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://downloads.asterisk.org/pub/security/AST-2015-003.html"
|
|
},
|
|
{
|
|
"name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
|
|
"refsource": "FULLDISC",
|
|
"url": "http://seclists.org/fulldisclosure/2015/Apr/22"
|
|
},
|
|
{
|
|
"name": "20150408 AST-2015-003: TLS Certificate Common name NULL byte exploit",
|
|
"refsource": "BUGTRAQ",
|
|
"url": "http://www.securityfocus.com/archive/1/535222/100/0/threaded"
|
|
},
|
|
{
|
|
"name": "DSA-3700",
|
|
"refsource": "DEBIAN",
|
|
"url": "http://www.debian.org/security/2016/dsa-3700"
|
|
},
|
|
{
|
|
"name": "FEDORA-2015-5948",
|
|
"refsource": "FEDORA",
|
|
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html"
|
|
}
|
|
]
|
|
}
|
|
} |