Vulnerability-Lookup

CVE-2014-1492 (GCVE-0-2014-1492)

Vulnerability from cvelistv5 – Published: 2014-03-25 01:00 – Updated: 2024-08-06 09:42

Summary

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

Severity ?

No CVSS data available.

CWE

Assigner

mozilla

References

URL

Tags

	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://www.debian.org/security/2014/dsa-2994	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-updates/2014-0…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-updates/2014-0…	vendor-advisoryx_refsource_SUSE
	https://developer.mozilla.org/en-US/docs/NSS/NSS_…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://www.mozilla.org/security/announce/2014/mfs…	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/534161/100…	mailing-listx_refsource_BUGTRAQ
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/60621	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/60794	third-party-advisoryx_refsource_SECUNIA
	https://security.gentoo.org/glsa/201504-01	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/59866	third-party-advisoryx_refsource_SECUNIA
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
	https://bugzilla.mozilla.org/show_bug.cgi?id=903885	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2014/Dec/23	mailing-listx_refsource_FULLDISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://hg.mozilla.org/projects/nss/rev/709d4e597979	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2185-1	vendor-advisoryx_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1079851	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/66356	vdb-entryx_refsource_BID
	http://www.ubuntu.com/usn/USN-2159-1	vendor-advisoryx_refsource_UBUNTU
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:42:36.122Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "name": "DSA-2994",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2994"
          },
          {
            "name": "openSUSE-SU-2014:0599",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2014:0629",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "name": "SUSE-SU-2014:0727",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html"
          },
          {
            "name": "60621",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60621"
          },
          {
            "name": "60794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60794"
          },
          {
            "name": "GLSA-201504-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201504-01"
          },
          {
            "name": "59866",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59866"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=903885"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "name": "SUSE-SU-2014:0665",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://hg.mozilla.org/projects/nss/rev/709d4e597979"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "name": "USN-2185-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2185-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079851"
          },
          {
            "name": "66356",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66356"
          },
          {
            "name": "USN-2159-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2159-1"
          },
          {
            "name": "FEDORA-2014-5829",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name\u0027s U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "name": "DSA-2994",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2994"
        },
        {
          "name": "openSUSE-SU-2014:0599",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2014:0629",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
        },
        {
          "name": "SUSE-SU-2014:0727",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html"
        },
        {
          "name": "60621",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60621"
        },
        {
          "name": "60794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60794"
        },
        {
          "name": "GLSA-201504-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201504-01"
        },
        {
          "name": "59866",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59866"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=903885"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "name": "SUSE-SU-2014:0665",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://hg.mozilla.org/projects/nss/rev/709d4e597979"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
        },
        {
          "name": "USN-2185-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2185-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079851"
        },
        {
          "name": "66356",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66356"
        },
        {
          "name": "USN-2159-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2159-1"
        },
        {
          "name": "FEDORA-2014-5829",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2014-1492",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name\u0027s U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "DSA-2994",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2994"
            },
            {
              "name": "openSUSE-SU-2014:0599",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
            },
            {
              "name": "openSUSE-SU-2014:0629",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
            },
            {
              "name": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes",
              "refsource": "CONFIRM",
              "url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
            },
            {
              "name": "SUSE-SU-2014:0727",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html"
            },
            {
              "name": "60621",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60621"
            },
            {
              "name": "60794",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60794"
            },
            {
              "name": "GLSA-201504-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201504-01"
            },
            {
              "name": "59866",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59866"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=903885",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=903885"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "SUSE-SU-2014:0665",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html"
            },
            {
              "name": "https://hg.mozilla.org/projects/nss/rev/709d4e597979",
              "refsource": "CONFIRM",
              "url": "https://hg.mozilla.org/projects/nss/rev/709d4e597979"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
            },
            {
              "name": "USN-2185-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2185-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1079851",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079851"
            },
            {
              "name": "66356",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66356"
            },
            {
              "name": "USN-2159-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2159-1"
            },
            {
              "name": "FEDORA-2014-5829",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2014-1492",
    "datePublished": "2014-03-25T01:00:00.000Z",
    "dateReserved": "2014-01-16T00:00:00.000Z",
    "dateUpdated": "2024-08-06T09:42:36.122Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2014-1492

Vulnerability from fkie_nvd - Published: 2014-03-25 13:25 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
security@mozilla.org	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
security@mozilla.org	http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html
security@mozilla.org	http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html
security@mozilla.org	http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html
security@mozilla.org	http://seclists.org/fulldisclosure/2014/Dec/23
security@mozilla.org	http://secunia.com/advisories/59866
security@mozilla.org	http://secunia.com/advisories/60621
security@mozilla.org	http://secunia.com/advisories/60794
security@mozilla.org	http://www.debian.org/security/2014/dsa-2994
security@mozilla.org	http://www.mozilla.org/security/announce/2014/mfsa2014-45.html
security@mozilla.org	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
security@mozilla.org	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
security@mozilla.org	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
security@mozilla.org	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
security@mozilla.org	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
security@mozilla.org	http://www.securityfocus.com/archive/1/534161/100/0/threaded
security@mozilla.org	http://www.securityfocus.com/bid/66356
security@mozilla.org	http://www.ubuntu.com/usn/USN-2159-1
security@mozilla.org	http://www.ubuntu.com/usn/USN-2185-1
security@mozilla.org	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=903885
security@mozilla.org	https://bugzilla.redhat.com/show_bug.cgi?id=1079851
security@mozilla.org	https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes
security@mozilla.org	https://hg.mozilla.org/projects/nss/rev/709d4e597979	Exploit, Patch
security@mozilla.org	https://security.gentoo.org/glsa/201504-01
af854a3a-2127-422b-91ae-364da2661108	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2014/Dec/23
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59866
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/60621
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/60794
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-2994
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2014/mfsa2014-45.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/534161/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/66356
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2159-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2185-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=903885
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1079851
af854a3a-2127-422b-91ae-364da2661108	https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes
af854a3a-2127-422b-91ae-364da2661108	https://hg.mozilla.org/projects/nss/rev/709d4e597979	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201504-01

Impacted products

Vendor	Product	Version
mozilla	network_security_services	*
mozilla	network_security_services	3.2
mozilla	network_security_services	3.2.1
mozilla	network_security_services	3.3
mozilla	network_security_services	3.3.1
mozilla	network_security_services	3.3.2
mozilla	network_security_services	3.4
mozilla	network_security_services	3.4.1
mozilla	network_security_services	3.4.2
mozilla	network_security_services	3.5
mozilla	network_security_services	3.6
mozilla	network_security_services	3.6.1
mozilla	network_security_services	3.7
mozilla	network_security_services	3.7.1
mozilla	network_security_services	3.7.2
mozilla	network_security_services	3.7.3
mozilla	network_security_services	3.7.5
mozilla	network_security_services	3.7.7
mozilla	network_security_services	3.8
mozilla	network_security_services	3.9
mozilla	network_security_services	3.11.2
mozilla	network_security_services	3.11.3
mozilla	network_security_services	3.11.4
mozilla	network_security_services	3.11.5
mozilla	network_security_services	3.12
mozilla	network_security_services	3.12.1
mozilla	network_security_services	3.12.2
mozilla	network_security_services	3.12.3
mozilla	network_security_services	3.12.3.1
mozilla	network_security_services	3.12.3.2
mozilla	network_security_services	3.12.4
mozilla	network_security_services	3.12.5
mozilla	network_security_services	3.12.6
mozilla	network_security_services	3.12.7
mozilla	network_security_services	3.12.8
mozilla	network_security_services	3.12.9
mozilla	network_security_services	3.12.10
mozilla	network_security_services	3.12.11
mozilla	network_security_services	3.14
mozilla	network_security_services	3.14.1
mozilla	network_security_services	3.14.2
mozilla	network_security_services	3.14.3
mozilla	network_security_services	3.14.4
mozilla	network_security_services	3.14.5
mozilla	network_security_services	3.15
mozilla	network_security_services	3.15.1
mozilla	network_security_services	3.15.2
mozilla	network_security_services	3.15.3
mozilla	network_security_services	3.15.3.1
mozilla	network_security_services	3.15.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "204AD77A-1AE4-4B3D-AEBB-ED8A36F3669F",
              "versionEndIncluding": "3.15.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44E0E1D0-F71C-4A3F-B3EE-97B299EF2AE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47CD4C15-02C8-42F2-9AF3-E44F74DE62B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3DDE473-7A61-46AD-9D3B-CA299928FD44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "046596DB-57EB-4354-A79E-B3B1D5B4DD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0755B957-CB78-4B8E-9CFE-D53389789ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D292FA-E062-4C52-AE0A-CA7D183D9E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83E1A0EA-9E2F-407F-A72F-D5061B6CD318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B565D82B-CAB8-4512-B7B7-0402146DD2B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "68341EA6-4FF0-4F87-AC71-4EC5D648406C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A91596AC-3F28-4BBD-A697-81909A5407B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A57A5053-018B-468C-BC18-5140E6B5B048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2962B1B-4B7F-4527-AE4C-C76787FEDB67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE921188-7A50-479F-853F-95127C9BE4E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F710939C-8598-40FE-9D5F-A3665723A5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "75572113-BD36-49BB-B7A1-177EB7DD3AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F18265E-EE99-4D0F-B975-22A86077A611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E3EA58-3FD3-4AD8-AA63-057F8D31301B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A51D3086-99CB-4C01-B286-3F7F6B6FB3AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA7EB49-52A7-4AFC-9D7D-0225A430B636",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAD5F88F-038C-4973-8391-C40C08573F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F474C4B3-B85D-4059-B5D9-84238A642EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5BB4C26-42DC-48F7-B73B-4C88FD3D1E01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCC4537-605F-4A3B-AAD1-FC7D0F44F6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E62D1D1B-985D-440B-AD23-3F16AEC8DA45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54B8C2DA-E663-437B-83DA-5521AF002C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "94C2A7CF-71DB-431C-8F13-E6F46961F68D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "000A1698-C9DE-49A1-9F5D-FDED34A134E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "601788BD-8B31-417F-AE7D-BE8E4107C1EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "06A99645-6A81-40C3-B46F-3D1ABF00EF00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EBCB20B-A367-485F-9115-04EABBE69C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E38E21D-23A9-4D0D-B45B-AF019CD448F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "33955B7C-ABA0-49E3-BEF8-AD29FD31DA5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "42C5B25D-E039-427D-8655-FD6BB9302793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E3FD4C-57C7-49CC-B970-18FE767A5ABD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDE6B5A1-2E92-427A-810F-0139632F4410",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "548E3AAC-3628-4CA4-98CF-7F3724F4355D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E39AD87-3C6C-4B2F-AC3C-84FDBE184440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "99EDA73B-F030-48C0-AAC1-7B8FF1D9E54E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3720323-D3BD-4ACD-93B7-B1687E2B241B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AA512E-B2EA-4C73-91B9-14BD5776EE53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7D2D713-5A78-4D78-BF0B-2BC1A621D4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CD0792F-A78A-420B-8069-67920BC5DEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A05D7AA9-8EA2-4063-B853-FE1E3CA85B03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "B591920E-38ED-4046-AD08-E31464C61A18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7456D704-3B98-42EC-929A-91BD1E95233F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27F38E50-AF67-4F2B-9DA2-0BDC4BE7D5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "473B6DB5-D433-4B1C-9F0D-8260A143D437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D87CDFCB-B9FF-49F4-88BA-49D14E6FA8FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:3.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3D4DE8E-7184-4A6B-87EA-A0B116EA0155",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name\u0027s U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n cert_TestHostName en lib/certdb/certdb.c en la implementaci\u00f3n de comprobaci\u00f3n de certificado en Mozilla Network Security Services (NSS) anterior a 3.16 acepta un car\u00e1cter comod\u00edn que est\u00e1 embebido en U-label de un nombre de dominio internacionalizado, lo que podr\u00eda permitir a atacantes man-in-the-middle falsificar servidores SSL a trav\u00e9s de un certificado manipulado."
    }
  ],
  "id": "CVE-2014-1492",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-03-25T13:25:38.493",
  "references": [
    {
      "source": "security@mozilla.org",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/59866"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/60621"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/60794"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.debian.org/security/2014/dsa-2994"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securityfocus.com/bid/66356"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2159-1"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2185-1"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=903885"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079851"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://hg.mozilla.org/projects/nss/rev/709d4e597979"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2994"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/66356"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2159-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2185-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=903885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079851"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://hg.mozilla.org/projects/nss/rev/709d4e597979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201504-01"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2016-AVI-344

Vulnerability from certfr_avis - Published: 2016-10-13 - Updated: 2016-10-13

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Junos OS avec J-Web activé versions antérieures à 12.1X44-D60, 12.1X46-D40, 12.1X47-D30, 12.3R11, 12.3X48-D20, 13.2X51-D39, 13.2X51-D40, 13.3R9, 14.1R6, 14.2R6, 15.1R3, 15.1X49-D20 et 16.1R1
Juniper Networks	Junos OS	Junos OS avec IPv6 versions antérieures à 11.4R13, 12.1X44-D45, 12.1X46-D30, 12.1X47-D20, 12.3R9 et 13.3R5
Juniper Networks	N/A	vMX versions antérieures à 14.1R8, 15.1F6 et 16.1
Juniper Networks	Junos OS	Junos OS versions antérieures à 12.1X46-D60, 12.1X47-D45, 12.3R12, 12.3X48-D35, 13.2R9, 13.3R9, 14.1R7, 14.1X53-D40, 14.1X55-D35, 14.2R5, 15.1F4, 15.1R3, 15.1X49-D60, 15.1X53-D70, 16.1R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10763 du 13 octobre 2016	None	vendor-advisory
Bulletin de sécurité Juniper JSA10764 du 13 octobre 2016	None	vendor-advisory
Bulletin de sécurité Juniper JSA10766 du 13 octobre 2016	None	vendor-advisory
Bulletin de sécurité Juniper JSA10762 du 13 octobre 2016	None	vendor-advisory
Bulletin de sécurité Juniper JSA10761 du 13 octobre 2016	None	vendor-advisory
Bulletin de sécurité Juniper JSA10760 du 13 octobre 2016	None	vendor-advisory
Bulletin de sécurité Juniper JSA10767 du 13 octobre 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS avec J-Web activ\u00e9 versions ant\u00e9rieures \u00e0 12.1X44-D60, 12.1X46-D40, 12.1X47-D30, 12.3R11, 12.3X48-D20, 13.2X51-D39, 13.2X51-D40, 13.3R9, 14.1R6, 14.2R6, 15.1R3, 15.1X49-D20 et 16.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS avec IPv6 versions ant\u00e9rieures \u00e0 11.4R13, 12.1X44-D45, 12.1X46-D30, 12.1X47-D20, 12.3R9 et 13.3R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "vMX versions ant\u00e9rieures \u00e0 14.1R8, 15.1F6 et 16.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 12.1X46-D60, 12.1X47-D45, 12.3R12, 12.3X48-D35, 13.2R9, 13.3R9, 14.1R7, 14.1X53-D40, 14.1X55-D35, 14.2R5, 15.1F4, 15.1R3, 15.1X49-D60, 15.1X53-D70, 16.1R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4926"
    },
    {
      "name": "CVE-2013-1741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1741"
    },
    {
      "name": "CVE-2013-5606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5606"
    },
    {
      "name": "CVE-2011-2749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2749"
    },
    {
      "name": "CVE-2013-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1620"
    },
    {
      "name": "CVE-2015-3195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
    },
    {
      "name": "CVE-2016-4925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4925"
    },
    {
      "name": "CVE-2016-4931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4931"
    },
    {
      "name": "CVE-2013-1739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1739"
    },
    {
      "name": "CVE-2013-5605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5605"
    },
    {
      "name": "CVE-2016-4921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4921"
    },
    {
      "name": "CVE-2013-5607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5607"
    },
    {
      "name": "CVE-2013-0791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0791"
    },
    {
      "name": "CVE-2015-3194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3194"
    },
    {
      "name": "CVE-2016-4927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4927"
    },
    {
      "name": "CVE-2014-1491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1491"
    },
    {
      "name": "CVE-2014-1492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1492"
    },
    {
      "name": "CVE-2016-4928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4928"
    },
    {
      "name": "CVE-2013-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
    },
    {
      "name": "CVE-2016-4922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4922"
    },
    {
      "name": "CVE-2014-1568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
    },
    {
      "name": "CVE-2011-2748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2748"
    },
    {
      "name": "CVE-2015-1794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1794"
    },
    {
      "name": "CVE-2015-5366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5366"
    },
    {
      "name": "CVE-2014-1490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1490"
    },
    {
      "name": "CVE-2011-0997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0997"
    },
    {
      "name": "CVE-2016-4924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4924"
    },
    {
      "name": "CVE-2015-3193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3193"
    },
    {
      "name": "CVE-2015-5364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5364"
    },
    {
      "name": "CVE-2013-2596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2596"
    },
    {
      "name": "CVE-2012-3571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3571"
    },
    {
      "name": "CVE-2015-3196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3196"
    },
    {
      "name": "CVE-2016-4929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4929"
    },
    {
      "name": "CVE-2016-4930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4930"
    },
    {
      "name": "CVE-2015-2151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2151"
    },
    {
      "name": "CVE-2014-1545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1545"
    },
    {
      "name": "CVE-2016-4923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4923"
    }
  ],
  "initial_release_date": "2016-10-13T00:00:00",
  "last_revision_date": "2016-10-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-344",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10763 du 13 octobre 2016",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10763\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10764 du 13 octobre 2016",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10764\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10766 du 13 octobre 2016",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10766\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10762 du 13 octobre 2016",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10762\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10761 du 13 octobre 2016",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10760 du 13 octobre 2016",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10760\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10767 du 13 octobre 2016",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10767\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2014-AVI-209

Vulnerability from certfr_avis - Published: 2014-04-30 - Updated: 2014-04-30

De multiples vulnérabilités ont été corrigées dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	Firefox ESR	versions antérieures à Firefox ESR 24.5
Mozilla	Firefox	Versions antérieures à Firefox 29
Mozilla	Thunderbird	versions antérieures à Thunderbird 24.5
Mozilla	N/A	versions antérieures à Seamonkey 2.26

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2014-37 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-35 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-40 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-44 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-45 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-39 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-47 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-43 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-42 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-36 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-34 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-41 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-38 du 29 avril 2014	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2014-46 du 29 avril 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "versions ant\u00e9rieures \u00e0 Firefox ESR 24.5",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 Firefox 29",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "versions ant\u00e9rieures \u00e0 Thunderbird 24.5",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "versions ant\u00e9rieures \u00e0 Seamonkey 2.26",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-1522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1522"
    },
    {
      "name": "CVE-2014-1526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1526"
    },
    {
      "name": "CVE-2014-1532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1532"
    },
    {
      "name": "CVE-2014-1524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1524"
    },
    {
      "name": "CVE-2014-1528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1528"
    },
    {
      "name": "CVE-2014-1530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1530"
    },
    {
      "name": "CVE-2014-1529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1529"
    },
    {
      "name": "CVE-2014-1523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1523"
    },
    {
      "name": "CVE-2014-1492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1492"
    },
    {
      "name": "CVE-2014-1525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1525"
    },
    {
      "name": "CVE-2014-1531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1531"
    },
    {
      "name": "CVE-2014-1527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1527"
    },
    {
      "name": "CVE-2014-1520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1520"
    },
    {
      "name": "CVE-2014-1519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1519"
    },
    {
      "name": "CVE-2014-1518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1518"
    }
  ],
  "initial_release_date": "2014-04-30T00:00:00",
  "last_revision_date": "2014-04-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-209",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-04-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eMozilla\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-37 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-37.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-35 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-35.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-40 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-40.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-44 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-44.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-45 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-39 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-39.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-47 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-47.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-43 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-43.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-42 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-42.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-36 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-36.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-34 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-34.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-41 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-41.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-38 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-38.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2014-46 du 29 avril 2014",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-46.html"
    }
  ]
}

GHSA-FXVW-6W4H-3MX5

Vulnerability from github – Published: 2022-05-14 02:53 – Updated: 2022-05-14 02:53

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-1492"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-03-25T13:25:00Z",
    "severity": "MODERATE"
  },
  "details": "The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name\u0027s U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.",
  "id": "GHSA-fxvw-6w4h-3mx5",
  "modified": "2022-05-14T02:53:34Z",
  "published": "2022-05-14T02:53:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1492"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=903885"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079851"
    },
    {
      "type": "WEB",
      "url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes"
    },
    {
      "type": "WEB",
      "url": "https://hg.mozilla.org/projects/nss/rev/709d4e597979"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59866"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60621"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/60794"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2014/dsa-2994"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/66356"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2159-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2185-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2014-1492

Vulnerability from fstec - Published: 30.04.2014

Title

Уязвимость браузера Firefox, позволяющая удаленному злоумышленнику нарушить целостность защищаемой информации

Description

Уязвимость существует в функции cert_TestHostName в lib/certdb/certdb.c в реализации проверки сертификатов в наборе библиотек Mozilla (NSS) из-за групповых символов, встроенных в U-лейбл интернационализованных доменных имен. Эксплуатация данной уязвимости позволяет злоумышленникам, действующим по принципу "человек посередине", подменить SSL-серверы, используя специально сформированные сертификаты

Severity ?

Vendor

Mozilla Corp.

Software Name

Firefox

Software Version

от 17.0 до 29.0 (Firefox)

Possible Mitigations

Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу: http://www.mozilla.org/firefox/organizations/all.html

Reference

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492 http://www.mozilla.org/security/announce/2014/mfsa2014-45.html

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Mozilla Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 17.0 \u0434\u043e 29.0 (Firefox)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044e\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430, \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0443\u044e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435. \u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443:\nhttp://www.mozilla.org/firefox/organizations/all.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "30.04.2014",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.11.2016",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.07.2016",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-00420",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2014-1492",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Firefox",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 32-bit, Apple Inc. MacOS X 32-bit, Microsoft Corp Windows - 64-bit, Microsoft Corp Windows - 32-bit, Apple Inc. MacOS X 64-bit",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Firefox, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 cert_TestHostName \u0432 lib/certdb/certdb.c \u0432 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432 \u0432 \u043d\u0430\u0431\u043e\u0440\u0435 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a Mozilla (NSS) \u0438\u0437-\u0437\u0430 \u0433\u0440\u0443\u043f\u043f\u043e\u0432\u044b\u0445 \u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432, \u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0445 \u0432 U-\u043b\u0435\u0439\u0431\u043b \u0438\u043d\u0442\u0435\u0440\u043d\u0430\u0446\u0438\u043e\u043d\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0434\u043e\u043c\u0435\u043d\u043d\u044b\u0445 \u0438\u043c\u0435\u043d. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0434\u0430\u043d\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u043c \u043f\u043e \u043f\u0440\u0438\u043d\u0446\u0438\u043f\u0443 \"\u0447\u0435\u043b\u043e\u0432\u0435\u043a \u043f\u043e\u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435\", \u043f\u043e\u0434\u043c\u0435\u043d\u0438\u0442\u044c SSL-\u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-45.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}

GSD-2014-1492

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-1492

Aliases

CVE-2014-1492

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-1492",
    "description": "The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name\u0027s U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.",
    "id": "GSD-2014-1492",
    "references": [
      "https://www.suse.com/security/cve/CVE-2014-1492.html",
      "https://www.debian.org/security/2014/dsa-2994",
      "https://access.redhat.com/errata/RHSA-2014:1246",
      "https://access.redhat.com/errata/RHSA-2014:1073",
      "https://access.redhat.com/errata/RHSA-2014:0917",
      "https://ubuntu.com/security/CVE-2014-1492",
      "https://advisories.mageia.org/CVE-2014-1492.html",
      "https://linux.oracle.com/cve/CVE-2014-1492.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-1492"
      ],
      "details": "The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name\u0027s U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.",
      "id": "GSD-2014-1492",
      "modified": "2023-12-13T01:22:50.965741Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2014-1492",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name\u0027s U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "name": "DSA-2994",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2014/dsa-2994"
          },
          {
            "name": "openSUSE-SU-2014:0599",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2014:0629",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
          },
          {
            "name": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes",
            "refsource": "CONFIRM",
            "url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html",
            "refsource": "CONFIRM",
            "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "name": "SUSE-SU-2014:0727",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html"
          },
          {
            "name": "60621",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/60621"
          },
          {
            "name": "60794",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/60794"
          },
          {
            "name": "GLSA-201504-01",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201504-01"
          },
          {
            "name": "59866",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59866"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
            "refsource": "CONFIRM",
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=903885",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=903885"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "name": "SUSE-SU-2014:0665",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html"
          },
          {
            "name": "https://hg.mozilla.org/projects/nss/rev/709d4e597979",
            "refsource": "CONFIRM",
            "url": "https://hg.mozilla.org/projects/nss/rev/709d4e597979"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "name": "USN-2185-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2185-1"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1079851",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079851"
          },
          {
            "name": "66356",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/66356"
          },
          {
            "name": "USN-2159-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2159-1"
          },
          {
            "name": "FEDORA-2014-5829",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.15.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.15.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.15.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.15.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2014-1492"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name\u0027s U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1079851",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079851"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=903885",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=903885"
            },
            {
              "name": "https://hg.mozilla.org/projects/nss/rev/709d4e597979",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "https://hg.mozilla.org/projects/nss/rev/709d4e597979"
            },
            {
              "name": "USN-2159-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2159-1"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-45.html"
            },
            {
              "name": "FEDORA-2014-5829",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
            },
            {
              "name": "SUSE-SU-2014:0665",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html"
            },
            {
              "name": "openSUSE-SU-2014:0599",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html"
            },
            {
              "name": "openSUSE-SU-2014:0629",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html"
            },
            {
              "name": "USN-2185-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2185-1"
            },
            {
              "name": "SUSE-SU-2014:0727",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html"
            },
            {
              "name": "59866",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/59866"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "DSA-2994",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2014/dsa-2994"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "66356",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/66356"
            },
            {
              "name": "GLSA-201504-01",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201504-01"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761"
            },
            {
              "name": "60794",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/60794"
            },
            {
              "name": "60621",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/60621"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-09T19:42Z",
      "publishedDate": "2014-03-25T13:25Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-1492 (GCVE-0-2014-1492)

FKIE_CVE-2014-1492

CERTFR-2016-AVI-344

Solution

CERTFR-2014-AVI-209

Solution

GHSA-FXVW-6W4H-3MX5

CVE-2014-1492

GSD-2014-1492

Tags

Sightings

Nomenclature