CVE-2014-2522

{"id": "CVE-2014-2522", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-04-18T22:14:38.587", "references": [{"url": "http://curl.haxx.se/docs/adv_20140326D.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/oss-sec/2014/q1/585", "source": "cve@mitre.org"}, {"url": "http://seclists.org/oss-sec/2014/q1/586", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/57836", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/57966", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/57968", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/59458", "source": "cve@mitre.org"}, {"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862", "source": "cve@mitre.org"}, {"url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", "source": "cve@mitre.org"}, {"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", "source": "cve@mitre.org"}, {"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/66296", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate."}, {"lang": "es", "value": "curl y libcurl versiones 7.27.0 hasta 7.35.0, cuando se ejecuta en Windows y utiliza el backend TLS SChannel/Winssl, no comprueba que el nombre de host del servidor coincida con un nombre de dominio en el campo subject's Common Name (CN) o subjectAltName del certificado X.509 cuando se accede a una URL que usa una direcci\u00f3n IP num\u00e9rica, que permite a los atacantes de tipo man-in-the-middle falsificar servidores por medio de un certificado v\u00e1lido arbitrario."}], "lastModified": "2017-04-29T01:59:01.413", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:7.27.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBF5418D-1162-4B1E-BC3D-06A3E084BEFB"}, {"criteria": "cpe:2.3:a:haxx:curl:7.28.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CA65F31-3D54-4F66-A0A3-2BD993FF38F7"}, {"criteria": "cpe:2.3:a:haxx:curl:7.28.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41ACC9FE-62FF-424B-B4B8-B033FEAF7686"}, {"criteria": "cpe:2.3:a:haxx:curl:7.29.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8BC39E9-5945-4DC8-ACA8-1C9918D9F279"}, {"criteria": "cpe:2.3:a:haxx:curl:7.30.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9658447-FBB0-4DEA-8FEE-BD4D3D1BF7FF"}, {"criteria": "cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5ECABFCB-0D02-4B5B-BB35-C6B3C0896348"}, {"criteria": "cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A5176F0-E62F-46FF-B536-DC0680696773"}, {"criteria": "cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "506A3761-3D24-43DB-88D8-4EB5B9E8BA5C"}, {"criteria": "cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B6EF8B0-0E86-449C-A500-ACD902A78C7F"}, {"criteria": "cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D558CC2-0146-4887-834E-19FCB1D512A3"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBFD9ED9-2412-44AE-9C55-0ED03A121B23"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67CCE31B-ABDA-4F32-BAF1-B1AD0664B3E2"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E66A332-ECD1-4452-B444-FB629022FDF0"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDD3D599-35E9-4590-B5E0-3AF04D344695"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3B6BFFB-7967-482C-9B49-4BD25C815299"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1791BF6D-2C96-4A6E-90D4-2906A73601F6"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "260DD751-4145-4B75-B892-5FC932C6A305"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFF4AD0D-2EC5-4CE8-B6B3-2EC8ED2FF118"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EB1CB85-0A9B-4816-B471-278774EE6D4C"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3831AB03-4E7E-476D-9623-58AADC188DFE"}, {"criteria": "cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABACE305-2F0C-4B59-BC5C-6DF162B450E4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}