CVE-2014-0139CVE-2014-0139

Affected configuration(s):

cpe:/a:haxx:curl:7.10.6
cpe:/a:haxx:curl:7.10.7
cpe:/a:haxx:curl:7.10.8
cpe:/a:haxx:curl:7.11.0
cpe:/a:haxx:curl:7.11.1
cpe:/a:haxx:curl:7.11.2
cpe:/a:haxx:curl:7.12.0
cpe:/a:haxx:curl:7.12.1
cpe:/a:haxx:curl:7.12.2
cpe:/a:haxx:curl:7.12.3
cpe:/a:haxx:curl:7.13.0
cpe:/a:haxx:curl:7.13.1
cpe:/a:haxx:curl:7.13.2
cpe:/a:haxx:curl:7.14.0
cpe:/a:haxx:curl:7.14.1
cpe:/a:haxx:curl:7.15.0
cpe:/a:haxx:curl:7.15.1
cpe:/a:haxx:curl:7.15.2
cpe:/a:haxx:curl:7.15.3
cpe:/a:haxx:curl:7.15.4
cpe:/a:haxx:curl:7.15.5
cpe:/a:haxx:curl:7.16.0
cpe:/a:haxx:curl:7.16.1
cpe:/a:haxx:curl:7.16.2
cpe:/a:haxx:curl:7.16.3
cpe:/a:haxx:curl:7.16.4
cpe:/a:haxx:curl:7.17.0
cpe:/a:haxx:curl:7.17.1
cpe:/a:haxx:curl:7.18.0
cpe:/a:haxx:curl:7.18.1
cpe:/a:haxx:curl:7.18.2
cpe:/a:haxx:curl:7.19.0
cpe:/a:haxx:curl:7.19.1
cpe:/a:haxx:curl:7.19.2
cpe:/a:haxx:curl:7.19.3
cpe:/a:haxx:curl:7.19.4
cpe:/a:haxx:curl:7.19.5
cpe:/a:haxx:curl:7.19.6
cpe:/a:haxx:curl:7.19.7
cpe:/a:haxx:curl:7.20.0
cpe:/a:haxx:curl:7.20.1
cpe:/a:haxx:curl:7.21.0
cpe:/a:haxx:curl:7.21.1
cpe:/a:haxx:curl:7.21.2
cpe:/a:haxx:curl:7.21.3
cpe:/a:haxx:curl:7.21.4
cpe:/a:haxx:curl:7.21.5
cpe:/a:haxx:curl:7.21.6
cpe:/a:haxx:curl:7.21.7
cpe:/a:haxx:curl:7.22.0
cpe:/a:haxx:curl:7.23.0
cpe:/a:haxx:curl:7.23.1
cpe:/a:haxx:curl:7.24.0
cpe:/a:haxx:curl:7.25.0
cpe:/a:haxx:curl:7.26.0
cpe:/a:haxx:curl:7.27.0
cpe:/a:haxx:curl:7.28.0
cpe:/a:haxx:curl:7.28.1
cpe:/a:haxx:curl:7.29.0
cpe:/a:haxx:curl:7.30.0
cpe:/a:haxx:curl:7.31.0
cpe:/a:haxx:curl:7.32.0
cpe:/a:haxx:curl:7.33.0
cpe:/a:haxx:curl:7.34.0
cpe:/a:haxx:curl:7.35.0
cpe:/a:haxx:libcurl:7.10.6
cpe:/a:haxx:libcurl:7.10.7
cpe:/a:haxx:libcurl:7.10.8
cpe:/a:haxx:libcurl:7.11.0
cpe:/a:haxx:libcurl:7.11.1
cpe:/a:haxx:libcurl:7.11.2
cpe:/a:haxx:libcurl:7.12.0
cpe:/a:haxx:libcurl:7.12.1
cpe:/a:haxx:libcurl:7.12.2
cpe:/a:haxx:libcurl:7.12.3
cpe:/a:haxx:libcurl:7.13.0
cpe:/a:haxx:libcurl:7.13.1
cpe:/a:haxx:libcurl:7.13.2
cpe:/a:haxx:libcurl:7.14.0
cpe:/a:haxx:libcurl:7.14.1
cpe:/a:haxx:libcurl:7.15.0
cpe:/a:haxx:libcurl:7.15.1
cpe:/a:haxx:libcurl:7.15.2
cpe:/a:haxx:libcurl:7.15.3
cpe:/a:haxx:libcurl:7.15.4
cpe:/a:haxx:libcurl:7.15.5
cpe:/a:haxx:libcurl:7.16.0
cpe:/a:haxx:libcurl:7.16.1
cpe:/a:haxx:libcurl:7.16.2
cpe:/a:haxx:libcurl:7.16.3
cpe:/a:haxx:libcurl:7.16.4
cpe:/a:haxx:libcurl:7.17.0
cpe:/a:haxx:libcurl:7.17.1
cpe:/a:haxx:libcurl:7.18.0
cpe:/a:haxx:libcurl:7.18.1
cpe:/a:haxx:libcurl:7.18.2
cpe:/a:haxx:libcurl:7.19.0
cpe:/a:haxx:libcurl:7.19.1
cpe:/a:haxx:libcurl:7.19.2
cpe:/a:haxx:libcurl:7.19.3
cpe:/a:haxx:libcurl:7.19.4
cpe:/a:haxx:libcurl:7.19.5
cpe:/a:haxx:libcurl:7.19.6
cpe:/a:haxx:libcurl:7.19.7
cpe:/a:haxx:libcurl:7.20.0
cpe:/a:haxx:libcurl:7.20.1
cpe:/a:haxx:libcurl:7.21.0
cpe:/a:haxx:libcurl:7.21.1
cpe:/a:haxx:libcurl:7.21.2
cpe:/a:haxx:libcurl:7.21.3
cpe:/a:haxx:libcurl:7.21.4
cpe:/a:haxx:libcurl:7.21.5
cpe:/a:haxx:libcurl:7.21.6
cpe:/a:haxx:libcurl:7.21.7
cpe:/a:haxx:libcurl:7.22.0
cpe:/a:haxx:libcurl:7.23.0
cpe:/a:haxx:libcurl:7.23.1
cpe:/a:haxx:libcurl:7.24.0
cpe:/a:haxx:libcurl:7.25.0
cpe:/a:haxx:libcurl:7.26.0
cpe:/a:haxx:libcurl:7.27.0
cpe:/a:haxx:libcurl:7.28.0
cpe:/a:haxx:libcurl:7.28.1
cpe:/a:haxx:libcurl:7.29.0
cpe:/a:haxx:libcurl:7.30.0
cpe:/a:haxx:libcurl:7.31.0
cpe:/a:haxx:libcurl:7.32.0
cpe:/a:haxx:libcurl:7.33.0
cpe:/a:haxx:libcurl:7.34.0
cpe:/a:haxx:libcurl:7.35.0

Date published: 2014-04-15T10:55:04.137-04:00

Date last modified: 2017-12-15T21:29:03.307-05:00

CVSS Score: 5.8

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://advisories.mageia.org/MGASA-2015-0165.html

Summary: cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject’s Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.