CVE-2014-1492

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-1492
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://secunia.com/advisories/59866
http://secunia.com/advisories/60621
http://secunia.com/advisories/60794
http://www.debian.org/security/2014/dsa-2994
http://www.mozilla.org/security/announce/2014/mfsa2014-45.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.securityfocus.com/bid/66356
http://www.ubuntu.com/usn/USN-2159-1
http://www.ubuntu.com/usn/USN-2185-1
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://bugzilla.mozilla.org/show_bug.cgi?id=903885
https://bugzilla.redhat.com/show_bug.cgi?id=1079851
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes
https://hg.mozilla.org/projects/nss/rev/709d4e597979 Exploit Patch
https://security.gentoo.org/glsa/201504-01
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://secunia.com/advisories/59866
http://secunia.com/advisories/60621
http://secunia.com/advisories/60794
http://www.debian.org/security/2014/dsa-2994
http://www.mozilla.org/security/announce/2014/mfsa2014-45.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.securityfocus.com/bid/66356
http://www.ubuntu.com/usn/USN-2159-1
http://www.ubuntu.com/usn/USN-2185-1
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://bugzilla.mozilla.org/show_bug.cgi?id=903885
https://bugzilla.redhat.com/show_bug.cgi?id=1079851
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes
https://hg.mozilla.org/projects/nss/rev/709d4e597979 Exploit Patch
https://security.gentoo.org/glsa/201504-01
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.15.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.15.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.15.4:*:*:*:*:*:*:*
History

21 Nov 2024, 02:04

Type Values Removed Values Added
References () http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 - () http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 -
References () http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html - () http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html -
References () http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html - () http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html -
References () http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html - () http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html -
References () http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html - () http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html -
References () http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html - () http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html -
References () http://seclists.org/fulldisclosure/2014/Dec/23 - () http://seclists.org/fulldisclosure/2014/Dec/23 -
References () http://secunia.com/advisories/59866 - () http://secunia.com/advisories/59866 -
References () http://secunia.com/advisories/60621 - () http://secunia.com/advisories/60621 -
References () http://secunia.com/advisories/60794 - () http://secunia.com/advisories/60794 -
References () http://www.debian.org/security/2014/dsa-2994 - () http://www.debian.org/security/2014/dsa-2994 -
References () http://www.mozilla.org/security/announce/2014/mfsa2014-45.html - () http://www.mozilla.org/security/announce/2014/mfsa2014-45.html -
References () http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html - () http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html -
References () http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html - () http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html -
References () http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html - () http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html -
References () http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html - () http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html -
References () http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html - () http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html -
References () http://www.securityfocus.com/archive/1/534161/100/0/threaded - () http://www.securityfocus.com/archive/1/534161/100/0/threaded -
References () http://www.securityfocus.com/bid/66356 - () http://www.securityfocus.com/bid/66356 -
References () http://www.ubuntu.com/usn/USN-2159-1 - () http://www.ubuntu.com/usn/USN-2159-1 -
References () http://www.ubuntu.com/usn/USN-2185-1 - () http://www.ubuntu.com/usn/USN-2185-1 -
References () http://www.vmware.com/security/advisories/VMSA-2014-0012.html - () http://www.vmware.com/security/advisories/VMSA-2014-0012.html -
References () https://bugzilla.mozilla.org/show_bug.cgi?id=903885 - () https://bugzilla.mozilla.org/show_bug.cgi?id=903885 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=1079851 - () https://bugzilla.redhat.com/show_bug.cgi?id=1079851 -
References () https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes - () https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes -
References () https://hg.mozilla.org/projects/nss/rev/709d4e597979 - Exploit, Patch () https://hg.mozilla.org/projects/nss/rev/709d4e597979 - Exploit, Patch
References () https://security.gentoo.org/glsa/201504-01 - () https://security.gentoo.org/glsa/201504-01 -
Information

Published : 2014-03-25 13:25

Updated : 2024-11-21 02:04

NVD link : CVE-2014-1492

Mitre link : CVE-2014-1492

CVE.ORG link : CVE-2014-1492

JSON object : View

Products Affected

mozilla

  • network_security_services
CWE
CWE-20

Improper Input Validation


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024