ModernBill 5.0.4 and earlier uses cURL with insecure settings for CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST that do not verify SSL certificates, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack.
References
Configurations
History
No history.
Information
Published : 2006-08-31 22:04
Updated : 2024-02-04 16:52
NVD link : CVE-2006-4499
Mitre link : CVE-2006-4499
CVE.ORG link : CVE-2006-4499
JSON object : View
Products Affected
moderngigabyte
- modernbill
CWE