QwikSec

Security Database

CVE

CWE

Training

CVE-2013-0308

Published: Mar 8, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_REDHAT

https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.1.4.txt

x_refsource_CONFIRM

http://support.apple.com/kb/HT5937

x_refsource_CONFIRM

git-gitimapsend-spoofing(82329)

vdb-entry

x_refsource_XF

APPLE-SA-2013-09-18-3

vendor-advisory

x_refsource_APPLE

third-party-advisory

x_refsource_SECUNIA

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701586

x_refsource_MISC

[ANNOUNCE] 20130220 Git v1.8.1.4

mailing-list

x_refsource_MLIST

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

x_refsource_CONFIRM

openSUSE-SU-2013:0380

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.redhat.com/show_bug.cgi?id=909977

x_refsource_MISC

https://bugzilla.novell.com/show_bug.cgi?id=804730

x_refsource_MISC

openSUSE-SU-2013:0382

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2013-0308 - Security Vulnerability | QwikSec