CVE-2014-3604

{"id": "CVE-2014-3604", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-10-25T00:55:03.023", "references": [{"url": "http://juliusdavies.ca/svn/viewvc.cgi/not-yet-commons-ssl?view=rev&revision=172", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131803", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97659", "source": "secalert@redhat.com"}, {"url": "https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3604.yaml", "source": "secalert@redhat.com"}, {"url": "http://juliusdavies.ca/svn/viewvc.cgi/not-yet-commons-ssl?view=rev&revision=172", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131803", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97659", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3604.yaml", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."}, {"lang": "es", "value": "Certificates.java en Not Yet Commons SSL anterior a 0.3.15 no verifica debidamente que el nombre del servidor coincide con el nombre del dominio en el campo del asunto Common Name (CN) del certificado X.509, lo que permite a atacantes man-in-the-middle suplantar servidores SSL a trav\u00e9s de un certificado v\u00e1lido arbitrario."}], "lastModified": "2024-11-21T02:08:29.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:not_yet_commons_ssl_project:not_yet_commons_ssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BAD6FEE-D3FD-4BEB-A253-5A07D1B49C0C", "versionEndIncluding": "0.3.14"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}