1 results (0.012 seconds)

CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate. El método Poco::Net::X509Certificate::verify en la libraría NetSSL en POCO C++ Libraries anterior a 1.4.6p4 permite a atacantes man-in-the-middle falsificar servidores SSL a través de registros DNS PTR manipulados que se solicitan durante comparación de un nombre de servidor hacia un nombre de dominio de comodín en un certificado X.509. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177471.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177573.html http://www.kb.cert.org/vuls/id/118748 https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG • CWE-310: Cryptographic Issues •