1 results (0.003 seconds)
CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 0
CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 0CVE-2016-4467
https://notcve.org/view.php?id=CVE-2016-4467
02 May 2017 — The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. El cliente en C y basado en C, en la librería Apache Qpid Proton anterior a la versión 0.13.1 en Windows no verifica co... • http://www.openwall.com/lists/oss-security/2016/07/15/3 • CWE-295: Improper Certificate Validation •