Man-in-the-middle attack vulnerability in cURL and libcurl via a crafted certificate issued by a legitimate Certification AuthorityID: oval:org.secpod.oval:def:20971 | Date: (C)2014-09-02 (M)2022-09-21 |
Class: VULNERABILITY | Family: unix |
The host is installed with curl or libcurl 7.1 before 7.36 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to handle a crafted certificate issued by a legitimate Certification Authority. Successful exploitation could allow attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Platform: |
Red Hat Enterprise Linux 5 |