CVE-2013-6422
Published: Dec 23, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
http://curl.haxx.se/docs/adv_20131217.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
x_refsource_CONFIRM
HPSBMU03112
vendor-advisory
x_refsource_HP
DSA-2824
vendor-advisory
x_refsource_DEBIAN
USN-2058-1
vendor-advisory
x_refsource_UBUNTU