CVE

CVE-2013-0308
Date: (C)2013-03-15   (M)2023-12-22


The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1028205
SECUNIA-52361
SECUNIA-52443
SECUNIA-52467
BID-58148
APPLE-SA-2013-09-18-3
RHSA-2013:0589
http://marc.info/?l=git&m=136134619013145&w=2
git-gitimapsend-spoofing(82329)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701586
http://support.apple.com/kb/HT5937
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://bugzilla.novell.com/show_bug.cgi?id=804730
https://bugzilla.redhat.com/show_bug.cgi?id=909977
https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.1.4.txt
openSUSE-SU-2013:0380
openSUSE-SU-2013:0382

CWE    1
CWE-20
OVAL    7
oval:org.secpod.oval:def:104691
oval:org.secpod.oval:def:104697
oval:org.secpod.oval:def:15887
oval:org.secpod.oval:def:1500098
...

© SecPod Technologies