NVD

Id
31689  
Name
CVE-2014-3504  
Description
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject"s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:P/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-08-19  
Modified Date
2017-01-06  
Seq
2014-3504  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
166113 31689 CVE-2014-3504 openSUSE-SU-2014:1059  View
166114 31689 CVE-2014-3504 59584  View
166115 31689 CVE-2014-3504 60721  View
166116 31689 CVE-2014-3504 USN-2315-1  View
166117 31689 CVE-2014-3504 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html  View
166118 31689 CVE-2014-3504 69238  View
166119 31689 CVE-2014-3504 https://groups.google.com/forum/#!topic/serf-dev/NvgPoK6sFsc  View
166120 31689 CVE-2014-3504 https://subversion.apache.org/security/CVE-2014-3522-advisory.txt  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
14988 JVNDB-2014-003863 Serf の複数の関数における任意の SSL サーバになりすまされる脆弱性 Serf の (1) serf_ssl_cert_issuer、(2) serf_ssl_cert_subject、および (3) serf_ssl_cert_certificate 関数は、X.509 証明書のサブジェクトの Common Name (CN) フィールドのドメイン名の NUL バイトを適切に処理しないため、任意の SSL サーバになりすまされる脆弱性が存在します。 CVE-2014-3504 70792 CVE-2014-3504 31689 4 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-003863.html 2014-08-12 2015-10-30 View