mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-09-17 18:45:49 +00:00
310 lines
10 KiB
JSON
310 lines
10 KiB
JSON
{
|
|
"id": "CVE-2014-2522",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2014-04-18T22:14:38.587",
|
|
"lastModified": "2024-11-21T02:06:27.957",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "curl y libcurl versiones 7.27.0 hasta 7.35.0, cuando se ejecuta en Windows y utiliza el backend TLS SChannel/Winssl, no comprueba que el nombre de host del servidor coincida con un nombre de dominio en el campo subject's Common Name (CN) o subjectAltName del certificado X.509 cuando se accede a una URL que usa una direcci\u00f3n IP num\u00e9rica, que permite a los atacantes de tipo man-in-the-middle falsificar servidores por medio de un certificado v\u00e1lido arbitrario."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
|
|
"baseScore": 4.0,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "HIGH",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 4.9,
|
|
"impactScore": 4.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-20"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EBF5418D-1162-4B1E-BC3D-06A3E084BEFB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1CA65F31-3D54-4F66-A0A3-2BD993FF38F7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "41ACC9FE-62FF-424B-B4B8-B033FEAF7686"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F8BC39E9-5945-4DC8-ACA8-1C9918D9F279"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B9658447-FBB0-4DEA-8FEE-BD4D3D1BF7FF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5ECABFCB-0D02-4B5B-BB35-C6B3C0896348"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5A5176F0-E62F-46FF-B536-DC0680696773"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "506A3761-3D24-43DB-88D8-4EB5B9E8BA5C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0B6EF8B0-0E86-449C-A500-ACD902A78C7F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4D558CC2-0146-4887-834E-19FCB1D512A3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CBFD9ED9-2412-44AE-9C55-0ED03A121B23"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "67CCE31B-ABDA-4F32-BAF1-B1AD0664B3E2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9E66A332-ECD1-4452-B444-FB629022FDF0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CDD3D599-35E9-4590-B5E0-3AF04D344695"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A3B6BFFB-7967-482C-9B49-4BD25C815299"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1791BF6D-2C96-4A6E-90D4-2906A73601F6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "260DD751-4145-4B75-B892-5FC932C6A305"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EFF4AD0D-2EC5-4CE8-B6B3-2EC8ED2FF118"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3EB1CB85-0A9B-4816-B471-278774EE6D4C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3831AB03-4E7E-476D-9623-58AADC188DFE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ABACE305-2F0C-4B59-BC5C-6DF162B450E4"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://curl.haxx.se/docs/adv_20140326D.html",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://seclists.org/oss-sec/2014/q1/585",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://seclists.org/oss-sec/2014/q1/586",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/57836",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/57966",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/57968",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/59458",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/66296",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://curl.haxx.se/docs/adv_20140326D.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://seclists.org/oss-sec/2014/q1/585",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://seclists.org/oss-sec/2014/q1/586",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/57836",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/57966",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/57968",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/59458",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/66296",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |