Back to search
CVE-2014-1492
Published: Mar 25, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
x_refsource_CONFIRM
DSA-2994
vendor-advisory
x_refsource_DEBIAN
openSUSE-SU-2014:0599
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2014:0629
vendor-advisory
x_refsource_SUSE
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
x_refsource_CONFIRM
http://www.mozilla.org/security/announce/2014/mfsa2014-45.html
x_refsource_CONFIRM
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
mailing-list
x_refsource_BUGTRAQ
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
x_refsource_CONFIRM
SUSE-SU-2014:0727
vendor-advisory
x_refsource_SUSE
60621
third-party-advisory
x_refsource_SECUNIA
60794
third-party-advisory
x_refsource_SECUNIA
GLSA-201504-01
vendor-advisory
x_refsource_GENTOO
59866
third-party-advisory
x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
x_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=903885
x_refsource_CONFIRM
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
mailing-list
x_refsource_FULLDISC
SUSE-SU-2014:0665
vendor-advisory
x_refsource_SUSE
https://hg.mozilla.org/projects/nss/rev/709d4e597979
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
x_refsource_CONFIRM
USN-2185-1
vendor-advisory
x_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=1079851
x_refsource_CONFIRM
66356
vdb-entry
x_refsource_BID
USN-2159-1
vendor-advisory
x_refsource_UBUNTU
FEDORA-2014-5829
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now