Page 3 of 21 results (0.002 seconds)
CVSS: 7.5EPSS: 0%CPEs: 50EXPL: 1
CVSS: 7.5EPSS: 0%CPEs: 50EXPL: 1CVE-2014-1492 – nss: IDNA hostname matching code does not follow RFC 6125 recommendation (MFSA 2014-45)
https://notcve.org/view.php?id=CVE-2014-1492
20 Mar 2014 — The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate. La función cert_TestHostName en lib/certdb/certdb.c en la implementación de comprobación de certificado en Mozilla Network Security Services (NSS) anterior a 3.16 acepta un ... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •