var-201402-0402
Vulnerability from variot
curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
Apple Mac OS X is prone to multiple vulnerabilities. The update addresses new vulnerabilities that affect ATS, CFNetwork Cookies, CoreAnimation, CoreText, Date and Time, curl, QuickTime, QuickLook, Finder, and File Bookmark components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X versions prior to 10.9.2. The vulnerability is caused by using curl to connect to an HTTPS URL containing an IP address that cannot be verified by the certificate. An attacker in a privileged network position could intercept user credentials or other sensitive information.
[slackware-security] curl (SSA:2014-086-01)
New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/curl-7.36.0-i486-1_slack14.1.txz: Upgraded.
  This update fixes four security issues.
  For more information, see:
    http://curl.haxx.se/docs/adv_20140326A.html
    http://curl.haxx.se/docs/adv_20140326B.html
    http://curl.haxx.se/docs/adv_20140326C.html
    http://curl.haxx.se/docs/adv_20140326D.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1263
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2522
  (* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.36.0-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.36.0-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.36.0-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.36.0-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.36.0-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.36.0-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.36.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.36.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.36.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.36.0-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.36.0-i486-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.36.0-x86_64-1.txz
MD5 signatures:
+-------------+
Installation instructions:
+------------------------+
Upgrade the package as root:
upgradepkg curl-7.36.0-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com