CVE-2014-1263 (GCVE-0-2014-1263)

Vulnerability from cvelistv5

Published

2014-02-27 01:00

Modified

2024-08-06 09:34

Severity ?

CWE

Summary

References

URL

Tags

product-security@apple.com	http://curl.haxx.se/docs/adv_20140326C.html
product-security@apple.com	http://secunia.com/advisories/57836
product-security@apple.com	http://secunia.com/advisories/57966
product-security@apple.com	http://secunia.com/advisories/57968
product-security@apple.com	http://support.apple.com/kb/HT6150	Vendor Advisory
product-security@apple.com	http://twitter.com/agl__/statuses/437029812046422016
product-security@apple.com	http://twitter.com/okoeroo/statuses/437272014043496449	Exploit
product-security@apple.com	http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
product-security@apple.com	http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
product-security@apple.com	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
product-security@apple.com	https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/docs/adv_20140326C.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/57836
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/57966
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/57968
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT6150	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://twitter.com/agl__/statuses/437029812046422016
af854a3a-2127-422b-91ae-364da2661108	http://twitter.com/okoeroo/statuses/437272014043496449	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
af854a3a-2127-422b-91ae-364da2661108	http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
af854a3a-2127-422b-91ae-364da2661108	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
af854a3a-2127-422b-91ae-364da2661108	https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73	Exploit

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:34:41.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73"
          },
          {
            "name": "57836",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57836"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT6150"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://twitter.com/agl__/statuses/437029812046422016"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://curl.haxx.se/docs/adv_20140326C.html"
          },
          {
            "name": "57968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57968"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://twitter.com/okoeroo/statuses/437272014043496449"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
          },
          {
            "name": "57966",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57966"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-04-25T02:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73"
        },
        {
          "name": "57836",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57836"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT6150"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://twitter.com/agl__/statuses/437029812046422016"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://curl.haxx.se/docs/adv_20140326C.html"
        },
        {
          "name": "57968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57968"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://twitter.com/okoeroo/statuses/437272014043496449"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
        },
        {
          "name": "57966",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57966"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2014-1263",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73",
              "refsource": "MISC",
              "url": "https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73"
            },
            {
              "name": "57836",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57836"
            },
            {
              "name": "http://support.apple.com/kb/HT6150",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT6150"
            },
            {
              "name": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/",
              "refsource": "CONFIRM",
              "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
            },
            {
              "name": "http://twitter.com/agl__/statuses/437029812046422016",
              "refsource": "MISC",
              "url": "http://twitter.com/agl__/statuses/437029812046422016"
            },
            {
              "name": "http://curl.haxx.se/docs/adv_20140326C.html",
              "refsource": "CONFIRM",
              "url": "http://curl.haxx.se/docs/adv_20140326C.html"
            },
            {
              "name": "57968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57968"
            },
            {
              "name": "http://twitter.com/okoeroo/statuses/437272014043496449",
              "refsource": "MISC",
              "url": "http://twitter.com/okoeroo/statuses/437272014043496449"
            },
            {
              "name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
              "refsource": "CONFIRM",
              "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
            },
            {
              "name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/",
              "refsource": "CONFIRM",
              "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
            },
            {
              "name": "57966",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57966"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2014-1263",
    "datePublished": "2014-02-27T01:00:00",
    "dateReserved": "2014-01-08T00:00:00",
    "dateUpdated": "2024-08-06T09:34:41.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-1263\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2014-02-27T01:55:04.070\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.\"},{\"lang\":\"es\",\"value\":\"curl en Apple OS X 10.9.x anterior a 10.9.2 no verifica los certificados X.509  de servidores HTTPS que son accedidos mediante el uso de una direcci\u00f3n IP num\u00e9rica, lo que permite a atacantes man-in-the-middle falsificar servidores a trav\u00e9s de un certificado manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.9.1\",\"matchCriteriaId\":\"C8303A91-5C8F-4709-83D6-3D211F9C57EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A48A5310-A589-4E9B-99BC-F840CC1A6A44\"}]}]}],\"references\":[{\"url\":\"http://curl.haxx.se/docs/adv_20140326C.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://secunia.com/advisories/57836\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://secunia.com/advisories/57966\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://secunia.com/advisories/57968\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://support.apple.com/kb/HT6150\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://twitter.com/agl__/statuses/437029812046422016\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://twitter.com/okoeroo/statuses/437272014043496449\",\"source\":\"product-security@apple.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73\",\"source\":\"product-security@apple.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://curl.haxx.se/docs/adv_20140326C.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/57836\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/57966\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/57968\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT6150\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://twitter.com/agl__/statuses/437029812046422016\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://twitter.com/okoeroo/statuses/437272014043496449\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
  }
}

var-201402-0402

Vulnerability from variot

curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. Apple Mac OS X is prone to multiple vulnerabilities. The update addresses new vulnerabilities that affect ATS, CFNetwork Cookies, CoreAnimation, CoreText, Date and Time, curl, QuickTime, QuickLook, Finder, and File Bookmark components. Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect OS X versions prior to 10.9.2. The vulnerability is caused by using curl to connect to an HTTPS URL containing an IP address that cannot be verified by the certificate. An attacker in a privileged network position could intercept user credentials or other sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

[slackware-security] curl (SSA:2014-086-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/curl-7.36.0-i486-1_slack14.1.txz: Upgraded. This update fixes four security issues. For more information, see: http://curl.haxx.se/docs/adv_20140326A.html http://curl.haxx.se/docs/adv_20140326B.html http://curl.haxx.se/docs/adv_20140326C.html http://curl.haxx.se/docs/adv_20140326D.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1263 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2522 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.36.0-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.36.0-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.36.0-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.36.0-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.36.0-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.36.0-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.36.0-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.36.0-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.36.0-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.36.0-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.36.0-i486-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.36.0-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 package: f2bfd8ac585b27cecc518de2b33412c2 curl-7.36.0-i486-1_slack13.0.txz

Slackware x86_64 13.0 package: 0f8dc655f260987c8d78d5bea833d8f7 curl-7.36.0-x86_64-1_slack13.0.txz

Slackware 13.1 package: 7cf1f0ea7dedff527946299e7236e77e curl-7.36.0-i486-1_slack13.1.txz

Slackware x86_64 13.1 package: 177375acc8683037988a13a398f1a29e curl-7.36.0-x86_64-1_slack13.1.txz

Slackware 13.37 package: 606c382d315b1067ef1fd3b7845bb9e6 curl-7.36.0-i486-1_slack13.37.txz

Slackware x86_64 13.37 package: 8ec5e086ae682d778a5c2c986dd79906 curl-7.36.0-x86_64-1_slack13.37.txz

Slackware 14.0 package: dd7126a5f92f7f94df9115ffcdb40012 curl-7.36.0-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: a8e496fec60861ce499a349343073468 curl-7.36.0-x86_64-1_slack14.0.txz

Slackware 14.1 package: 2bbd15ebfb4c4b97c5a0d9962e9b1e5d curl-7.36.0-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: c8dc094b835d8c34a9637abd84b3c89b curl-7.36.0-x86_64-1_slack14.1.txz

Slackware -current package: 06673155a798e92a4b2cdc5a52dba87f n/curl-7.36.0-i486-1.txz

Slackware x86_64 -current package: a52032963ab98107a50675b4f212481b n/curl-7.36.0-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg curl-7.36.0-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iEYEARECAAYFAlM176AACgkQakRjwEAQIjOcAACeOQryVvuABStufS/APbJg03IP v8YAn3/+kqsJ9+Di3VLAO9jvwb+jDIKY =rbfp -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201402-0402",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.9"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.9.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.9.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.9.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "65777"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001489"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-454"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1263"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001489"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Roland Moriz of Moriz GmbH, Felix Groebert of the Google Security Team, Meder Kydyraliev of the Google Security Team,\nRob Ansaldo of Amherst College, Graham Bennett Karl Smith of NCC Group, Apple, Lucas Apa and Carlos Mario Penagos of IOActive Labs, Tom Ga",
    "sources": [
      {
        "db": "BID",
        "id": "65777"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-1263",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-1263",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-69202",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-1263",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-1263",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201402-454",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-69202",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69202"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001489"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-454"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1263"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. Apple Mac OS X is prone to multiple vulnerabilities. \nThe update addresses new vulnerabilities that affect ATS, CFNetwork Cookies, CoreAnimation, CoreText, Date and Time, curl, QuickTime, QuickLook, Finder, and File Bookmark components. \nAttackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions. \nThese issues affect OS X versions prior to 10.9.2. The vulnerability is caused by using curl to connect to an HTTPS URL containing an IP address that cannot be verified by the certificate. An attacker in a privileged network position could intercept user credentials or other sensitive information. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security]  curl (SSA:2014-086-01)\n\nNew curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.36.0-i486-1_slack14.1.txz:  Upgraded. \n  This update fixes four security issues. \n  For more information, see:\n    http://curl.haxx.se/docs/adv_20140326A.html\n    http://curl.haxx.se/docs/adv_20140326B.html\n    http://curl.haxx.se/docs/adv_20140326C.html\n    http://curl.haxx.se/docs/adv_20140326D.html\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1263\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2522\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.36.0-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.36.0-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.36.0-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.36.0-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.36.0-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.36.0-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.36.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.36.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.36.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.36.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.36.0-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.36.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\nf2bfd8ac585b27cecc518de2b33412c2  curl-7.36.0-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n0f8dc655f260987c8d78d5bea833d8f7  curl-7.36.0-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n7cf1f0ea7dedff527946299e7236e77e  curl-7.36.0-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n177375acc8683037988a13a398f1a29e  curl-7.36.0-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n606c382d315b1067ef1fd3b7845bb9e6  curl-7.36.0-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n8ec5e086ae682d778a5c2c986dd79906  curl-7.36.0-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\ndd7126a5f92f7f94df9115ffcdb40012  curl-7.36.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\na8e496fec60861ce499a349343073468  curl-7.36.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n2bbd15ebfb4c4b97c5a0d9962e9b1e5d  curl-7.36.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nc8dc094b835d8c34a9637abd84b3c89b  curl-7.36.0-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n06673155a798e92a4b2cdc5a52dba87f  n/curl-7.36.0-i486-1.txz\n\nSlackware x86_64 -current package:\na52032963ab98107a50675b4f212481b  n/curl-7.36.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.36.0-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address.      |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niEYEARECAAYFAlM176AACgkQakRjwEAQIjOcAACeOQryVvuABStufS/APbJg03IP\nv8YAn3/+kqsJ9+Di3VLAO9jvwb+jDIKY\n=rbfp\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-1263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001489"
      },
      {
        "db": "BID",
        "id": "65777"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69202"
      },
      {
        "db": "PACKETSTORM",
        "id": "125935"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-1263",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "57836",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "57968",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "57966",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU95868425",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001489",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-454",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "65777",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-69202",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "125935",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69202"
      },
      {
        "db": "BID",
        "id": "65777"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001489"
      },
      {
        "db": "PACKETSTORM",
        "id": "125935"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-454"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1263"
      }
    ]
  },
  "id": "VAR-201402-0402",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69202"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:37:11.875000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2014-02-25-1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html"
      },
      {
        "title": "HT6150",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6150"
      },
      {
        "title": "HT6150",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT6150?viewlocale=ja_JP"
      },
      {
        "title": "Enterprise Chef 1.4.9 Release",
        "trust": 0.8,
        "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
      },
      {
        "title": "Enterprise Chef 11.1.3 Release",
        "trust": 0.8,
        "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
      },
      {
        "title": "Chef Server 11.0.12 Release",
        "trust": 0.8,
        "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
      },
      {
        "title": "libcurl not verifying certs for TLS to IP address / Darwinssl",
        "trust": 0.8,
        "url": "http://curl.haxx.se/docs/adv_20140326C.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001489"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69202"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001489"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1263"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht6150"
      },
      {
        "trust": 1.7,
        "url": "http://twitter.com/agl__/statuses/437029812046422016"
      },
      {
        "trust": 1.7,
        "url": "http://twitter.com/okoeroo/statuses/437272014043496449"
      },
      {
        "trust": 1.7,
        "url": "https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73"
      },
      {
        "trust": 1.2,
        "url": "http://curl.haxx.se/docs/adv_20140326c.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
      },
      {
        "trust": 1.1,
        "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
      },
      {
        "trust": 1.1,
        "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57836"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57966"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/57968"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1263"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95868425/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1263"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.1,
        "url": "http://curl.haxx.se/docs/adv_20140326a.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2522"
      },
      {
        "trust": 0.1,
        "url": "http://curl.haxx.se/docs/adv_20140326d.html"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0138"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0139"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0138"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1263"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0139"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2522"
      },
      {
        "trust": 0.1,
        "url": "http://curl.haxx.se/docs/adv_20140326b.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69202"
      },
      {
        "db": "BID",
        "id": "65777"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001489"
      },
      {
        "db": "PACKETSTORM",
        "id": "125935"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-454"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1263"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-69202"
      },
      {
        "db": "BID",
        "id": "65777"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001489"
      },
      {
        "db": "PACKETSTORM",
        "id": "125935"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-454"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1263"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69202"
      },
      {
        "date": "2014-02-25T00:00:00",
        "db": "BID",
        "id": "65777"
      },
      {
        "date": "2014-02-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001489"
      },
      {
        "date": "2014-03-29T12:12:00",
        "db": "PACKETSTORM",
        "id": "125935"
      },
      {
        "date": "2014-02-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201402-454"
      },
      {
        "date": "2014-02-27T01:55:04.070000",
        "db": "NVD",
        "id": "CVE-2014-1263"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-05-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69202"
      },
      {
        "date": "2014-04-17T00:49:00",
        "db": "BID",
        "id": "65777"
      },
      {
        "date": "2014-05-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001489"
      },
      {
        "date": "2014-06-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201402-454"
      },
      {
        "date": "2024-11-21T02:03:57.043000",
        "db": "NVD",
        "id": "CVE-2014-1263"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-454"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Mac OS X of  curl Vulnerable to server impersonation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001489"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-454"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2014-AVI-095

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple OS X Maverick. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple OS X Mountain Lion versions antérieures à 10.8.5
Apple	N/A	Apple OS X Lion Server versions antérieures à 10.7.5
Apple	N/A	Apple OS X Mavericks versions antérieures à 10.9.2
Apple	N/A	Apple OS X Lion versions antérieures à 10.7.5

References

Title

Publication Time

gsd-2014-1263

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-1263

Aliases

CVE-2014-1263

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-1263",
    "description": "curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.",
    "id": "GSD-2014-1263"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-1263"
      ],
      "details": "curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.",
      "id": "GSD-2014-1263",
      "modified": "2023-12-13T01:22:51.554007Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2014-1263",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73",
            "refsource": "MISC",
            "url": "https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73"
          },
          {
            "name": "57836",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/57836"
          },
          {
            "name": "http://support.apple.com/kb/HT6150",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT6150"
          },
          {
            "name": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/",
            "refsource": "CONFIRM",
            "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
          },
          {
            "name": "http://twitter.com/agl__/statuses/437029812046422016",
            "refsource": "MISC",
            "url": "http://twitter.com/agl__/statuses/437029812046422016"
          },
          {
            "name": "http://curl.haxx.se/docs/adv_20140326C.html",
            "refsource": "CONFIRM",
            "url": "http://curl.haxx.se/docs/adv_20140326C.html"
          },
          {
            "name": "57968",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/57968"
          },
          {
            "name": "http://twitter.com/okoeroo/statuses/437272014043496449",
            "refsource": "MISC",
            "url": "http://twitter.com/okoeroo/statuses/437272014043496449"
          },
          {
            "name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
            "refsource": "CONFIRM",
            "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
          },
          {
            "name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/",
            "refsource": "CONFIRM",
            "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
          },
          {
            "name": "57966",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/57966"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.9.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2014-1263"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://twitter.com/okoeroo/statuses/437272014043496449",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://twitter.com/okoeroo/statuses/437272014043496449"
            },
            {
              "name": "http://support.apple.com/kb/HT6150",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT6150"
            },
            {
              "name": "https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73"
            },
            {
              "name": "http://twitter.com/agl__/statuses/437029812046422016",
              "refsource": "MISC",
              "tags": [],
              "url": "http://twitter.com/agl__/statuses/437029812046422016"
            },
            {
              "name": "57836",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/57836"
            },
            {
              "name": "57966",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/57966"
            },
            {
              "name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
            },
            {
              "name": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
            },
            {
              "name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
            },
            {
              "name": "57968",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/57968"
            },
            {
              "name": "http://curl.haxx.se/docs/adv_20140326C.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://curl.haxx.se/docs/adv_20140326C.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2014-05-05T05:32Z",
      "publishedDate": "2014-02-27T01:55Z"
    }
  }
}

fkie_cve-2014-1263

Vulnerability from fkie_nvd

Published

2014-02-27 01:55

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://curl.haxx.se/docs/adv_20140326C.html
product-security@apple.com	http://secunia.com/advisories/57836
product-security@apple.com	http://secunia.com/advisories/57966
product-security@apple.com	http://secunia.com/advisories/57968
product-security@apple.com	http://support.apple.com/kb/HT6150	Vendor Advisory
product-security@apple.com	http://twitter.com/agl__/statuses/437029812046422016
product-security@apple.com	http://twitter.com/okoeroo/statuses/437272014043496449	Exploit
product-security@apple.com	http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
product-security@apple.com	http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
product-security@apple.com	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
product-security@apple.com	https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/docs/adv_20140326C.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/57836
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/57966
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/57968
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT6150	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://twitter.com/agl__/statuses/437029812046422016
af854a3a-2127-422b-91ae-364da2661108	http://twitter.com/okoeroo/statuses/437272014043496449	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
af854a3a-2127-422b-91ae-364da2661108	http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
af854a3a-2127-422b-91ae-364da2661108	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
af854a3a-2127-422b-91ae-364da2661108	https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73	Exploit

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	*
	apple	mac_os_x	10.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8303A91-5C8F-4709-83D6-3D211F9C57EE",
              "versionEndIncluding": "10.9.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48A5310-A589-4E9B-99BC-F840CC1A6A44",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate."
    },
    {
      "lang": "es",
      "value": "curl en Apple OS X 10.9.x anterior a 10.9.2 no verifica los certificados X.509  de servidores HTTPS que son accedidos mediante el uso de una direcci\u00f3n IP num\u00e9rica, lo que permite a atacantes man-in-the-middle falsificar servidores a trav\u00e9s de un certificado manipulado."
    }
  ],
  "id": "CVE-2014-1263",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-02-27T01:55:04.070",
  "references": [
    {
      "source": "product-security@apple.com",
      "url": "http://curl.haxx.se/docs/adv_20140326C.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://secunia.com/advisories/57836"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://secunia.com/advisories/57966"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://secunia.com/advisories/57968"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT6150"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://twitter.com/agl__/statuses/437029812046422016"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://twitter.com/okoeroo/statuses/437272014043496449"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://curl.haxx.se/docs/adv_20140326C.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57966"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT6150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://twitter.com/agl__/statuses/437029812046422016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://twitter.com/okoeroo/statuses/437272014043496449"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-8p89-chvh-f3mw

Vulnerability from github

Published

2022-05-17 04:44

Modified

2025-04-12 12:30

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-1263"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-02-27T01:55:00Z",
    "severity": "MODERATE"
  },
  "details": "curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.",
  "id": "GHSA-8p89-chvh-f3mw",
  "modified": "2025-04-12T12:30:55Z",
  "published": "2022-05-17T04:44:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1263"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/docs/adv_20140326C.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/57836"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/57966"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/57968"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT6150"
    },
    {
      "type": "WEB",
      "url": "http://twitter.com/agl__/statuses/437029812046422016"
    },
    {
      "type": "WEB",
      "url": "http://twitter.com/okoeroo/statuses/437272014043496449"
    },
    {
      "type": "WEB",
      "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release"
    },
    {
      "type": "WEB",
      "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release"
    },
    {
      "type": "WEB",
      "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2014-1263 (GCVE-0-2014-1263)

Vulnerability from cvelistv5

var-201402-0402

Vulnerability from variot

upgradepkg curl-7.36.0-i486-1_slack14.1.txz

CERTFR-2014-AVI-095

Vulnerability from certfr_avis

Solution

gsd-2014-1263

Vulnerability from gsd

fkie_cve-2014-1263

Vulnerability from fkie_nvd

ghsa-8p89-chvh-f3mw

Vulnerability from github

Tags

Sightings

Nomenclature