CVE Details for CVE: CVE-2014-0350
Summary
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.
| Timestamps | |
|---|---|
| Last major update | 06-12-2016 - 02:59 |
| Published | 26-04-2014 - 01:55 |
| Last modified | 06-12-2016 - 02:59 |
Vulnerable Configurations
- cpe:2.3:a:pocoproject:poco_c\+\+_libraries:1.4.6:p2:*:*:*:*:*:*
- cpe:2.3:a:pocoproject:poco_c\+\+_libraries:1.4.6:p1:*:*:*:*:*:*
- cpe:2.3:a:pocoproject:poco_c\+\+_libraries:1.4.6:p3:*:*:*:*:*:*
- cpe:2.3:a:pocoproject:poco_c\+\+_libraries:1.4.6:-:*:*:*:*:*:*
- cpe:2.3:a:pocoproject:poco_c\+\+_libraries:1.4.5:*:*:*:*:*:*:*
CAPEC
- Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CWE
CVSS
| Base | Impact | Exploitability |
|---|---|---|
| 6.4 | 4.9 | 10.0 |
Access
| Vector | Complexity | Authentication |
|---|---|---|
| NETWORK | LOW | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| PARTIAL | PARTIAL | NONE |
CVSS3
None
VIA4 references
cvss-vector
via4
refmap
via4
| cert-vn | VU#118748 |
| confirm | https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG |
| fedora |