CVE-2014-1492CVE-2014-1492

Affected configuration(s):

cpe:/a:mozilla:network_security_services:3.2
cpe:/a:mozilla:network_security_services:3.2.1
cpe:/a:mozilla:network_security_services:3.3
cpe:/a:mozilla:network_security_services:3.3.1
cpe:/a:mozilla:network_security_services:3.3.2
cpe:/a:mozilla:network_security_services:3.4
cpe:/a:mozilla:network_security_services:3.4.1
cpe:/a:mozilla:network_security_services:3.4.2
cpe:/a:mozilla:network_security_services:3.5
cpe:/a:mozilla:network_security_services:3.6
cpe:/a:mozilla:network_security_services:3.6.1
cpe:/a:mozilla:network_security_services:3.7
cpe:/a:mozilla:network_security_services:3.7.1
cpe:/a:mozilla:network_security_services:3.7.2
cpe:/a:mozilla:network_security_services:3.7.3
cpe:/a:mozilla:network_security_services:3.7.5
cpe:/a:mozilla:network_security_services:3.7.7
cpe:/a:mozilla:network_security_services:3.8
cpe:/a:mozilla:network_security_services:3.9
cpe:/a:mozilla:network_security_services:3.11.2
cpe:/a:mozilla:network_security_services:3.11.3
cpe:/a:mozilla:network_security_services:3.11.4
cpe:/a:mozilla:network_security_services:3.11.5
cpe:/a:mozilla:network_security_services:3.12
cpe:/a:mozilla:network_security_services:3.12.1
cpe:/a:mozilla:network_security_services:3.12.2
cpe:/a:mozilla:network_security_services:3.12.3
cpe:/a:mozilla:network_security_services:3.12.3.1
cpe:/a:mozilla:network_security_services:3.12.3.2
cpe:/a:mozilla:network_security_services:3.12.4
cpe:/a:mozilla:network_security_services:3.12.5
cpe:/a:mozilla:network_security_services:3.12.6
cpe:/a:mozilla:network_security_services:3.12.7
cpe:/a:mozilla:network_security_services:3.12.8
cpe:/a:mozilla:network_security_services:3.12.9
cpe:/a:mozilla:network_security_services:3.12.10
cpe:/a:mozilla:network_security_services:3.12.11
cpe:/a:mozilla:network_security_services:3.14
cpe:/a:mozilla:network_security_services:3.14.1
cpe:/a:mozilla:network_security_services:3.14.2
cpe:/a:mozilla:network_security_services:3.14.3
cpe:/a:mozilla:network_security_services:3.14.4
cpe:/a:mozilla:network_security_services:3.14.5
cpe:/a:mozilla:network_security_services:3.15
cpe:/a:mozilla:network_security_services:3.15.1
cpe:/a:mozilla:network_security_services:3.15.2
cpe:/a:mozilla:network_security_services:3.15.3
cpe:/a:mozilla:network_security_services:3.15.3.1
cpe:/a:mozilla:network_security_services:3.15.4
cpe:/a:mozilla:network_security_services:3.15.5

Date published: 2014-03-25T09:25:38.493-04:00

Date last modified: 2017-11-14T21:29:03.703-05:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

Summary: The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name’s U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.