SecuritySpace - CVE-2014-2522

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2014-2522

Description: curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-2522
BugTraq ID: 66296
http://www.securityfocus.com/bid/66296
http://seclists.org/oss-sec/2014/q1/585
http://seclists.org/oss-sec/2014/q1/586
http://secunia.com/advisories/57836
http://secunia.com/advisories/57966
http://secunia.com/advisories/57968
http://secunia.com/advisories/59458

CVE ID:	CVE-2014-2522
Description:	curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2522 BugTraq ID: 66296 http://www.securityfocus.com/bid/66296 http://seclists.org/oss-sec/2014/q1/585 http://seclists.org/oss-sec/2014/q1/586 http://secunia.com/advisories/57836 http://secunia.com/advisories/57966 http://secunia.com/advisories/57968 http://secunia.com/advisories/59458