CVE-2013-4545
Mandriva Linux Security Advisory 2013-276
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
cURL y libcurl 7.18.0 hasta la versión 7.32.0, cuando es compilado con OpenSSL, desactiva la verificación del nombre de campos del certificado CN y SAN (CURLOPT_SSL_VERIFYHOST) cuando la verificación de firma digital (CURLOPT_SSL_VERIFYPEER) está desactivada, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado válido arbitrario.
Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), unauthorized disclosure of information, Denial of Service (DoS), and Clickjacking. Revision 1 of this advisory.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-06-12 CVE Reserved
- 2013-11-18 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | X_refsource_confirm |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://curl.haxx.se/docs/adv_20131115.html | 2016-06-17 | |
| http://lists.opensuse.org/opensuse-updates/2013-12/msg00047.html | 2016-06-17 | |
| http://lists.opensuse.org/opensuse-updates/2013-12/msg00053.html | 2016-06-17 | |
| http://www.debian.org/security/2013/dsa-2798 | 2016-06-17 | |
| http://www.ubuntu.com/usn/USN-2048-1 | 2016-06-17 | |
| https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322 | 2016-06-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.18.0 Search vendor "Haxx" for product "Curl" and version "7.18.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.18.1 Search vendor "Haxx" for product "Curl" and version "7.18.1" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.18.2 Search vendor "Haxx" for product "Curl" and version "7.18.2" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.19.0 Search vendor "Haxx" for product "Curl" and version "7.19.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.19.1 Search vendor "Haxx" for product "Curl" and version "7.19.1" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.19.2 Search vendor "Haxx" for product "Curl" and version "7.19.2" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.19.3 Search vendor "Haxx" for product "Curl" and version "7.19.3" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.19.4 Search vendor "Haxx" for product "Curl" and version "7.19.4" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.19.5 Search vendor "Haxx" for product "Curl" and version "7.19.5" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.19.6 Search vendor "Haxx" for product "Curl" and version "7.19.6" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.19.7 Search vendor "Haxx" for product "Curl" and version "7.19.7" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.20.0 Search vendor "Haxx" for product "Curl" and version "7.20.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.20.1 Search vendor "Haxx" for product "Curl" and version "7.20.1" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.21.0 Search vendor "Haxx" for product "Curl" and version "7.21.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.21.1 Search vendor "Haxx" for product "Curl" and version "7.21.1" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.21.2 Search vendor "Haxx" for product "Curl" and version "7.21.2" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.21.3 Search vendor "Haxx" for product "Curl" and version "7.21.3" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.21.4 Search vendor "Haxx" for product "Curl" and version "7.21.4" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.21.5 Search vendor "Haxx" for product "Curl" and version "7.21.5" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.21.6 Search vendor "Haxx" for product "Curl" and version "7.21.6" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.21.7 Search vendor "Haxx" for product "Curl" and version "7.21.7" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.22.0 Search vendor "Haxx" for product "Curl" and version "7.22.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.23.0 Search vendor "Haxx" for product "Curl" and version "7.23.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.23.1 Search vendor "Haxx" for product "Curl" and version "7.23.1" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.24.0 Search vendor "Haxx" for product "Curl" and version "7.24.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.25.0 Search vendor "Haxx" for product "Curl" and version "7.25.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.26.0 Search vendor "Haxx" for product "Curl" and version "7.26.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.27.0 Search vendor "Haxx" for product "Curl" and version "7.27.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.28.0 Search vendor "Haxx" for product "Curl" and version "7.28.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.28.1 Search vendor "Haxx" for product "Curl" and version "7.28.1" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.29.0 Search vendor "Haxx" for product "Curl" and version "7.29.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.30.0 Search vendor "Haxx" for product "Curl" and version "7.30.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.31.0 Search vendor "Haxx" for product "Curl" and version "7.31.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Curl Search vendor "Haxx" for product "Curl" | 7.32.0 Search vendor "Haxx" for product "Curl" and version "7.32.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.18.0 Search vendor "Haxx" for product "Libcurl" and version "7.18.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.18.1 Search vendor "Haxx" for product "Libcurl" and version "7.18.1" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.18.2 Search vendor "Haxx" for product "Libcurl" and version "7.18.2" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.19.0 Search vendor "Haxx" for product "Libcurl" and version "7.19.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.19.1 Search vendor "Haxx" for product "Libcurl" and version "7.19.1" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.19.2 Search vendor "Haxx" for product "Libcurl" and version "7.19.2" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.19.3 Search vendor "Haxx" for product "Libcurl" and version "7.19.3" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.19.4 Search vendor "Haxx" for product "Libcurl" and version "7.19.4" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.19.5 Search vendor "Haxx" for product "Libcurl" and version "7.19.5" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.19.6 Search vendor "Haxx" for product "Libcurl" and version "7.19.6" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.19.7 Search vendor "Haxx" for product "Libcurl" and version "7.19.7" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.20.0 Search vendor "Haxx" for product "Libcurl" and version "7.20.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.20.1 Search vendor "Haxx" for product "Libcurl" and version "7.20.1" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.21.0 Search vendor "Haxx" for product "Libcurl" and version "7.21.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.21.1 Search vendor "Haxx" for product "Libcurl" and version "7.21.1" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.21.2 Search vendor "Haxx" for product "Libcurl" and version "7.21.2" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.21.3 Search vendor "Haxx" for product "Libcurl" and version "7.21.3" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.21.4 Search vendor "Haxx" for product "Libcurl" and version "7.21.4" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.21.5 Search vendor "Haxx" for product "Libcurl" and version "7.21.5" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.21.6 Search vendor "Haxx" for product "Libcurl" and version "7.21.6" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.21.7 Search vendor "Haxx" for product "Libcurl" and version "7.21.7" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.22.0 Search vendor "Haxx" for product "Libcurl" and version "7.22.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.23.0 Search vendor "Haxx" for product "Libcurl" and version "7.23.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.23.1 Search vendor "Haxx" for product "Libcurl" and version "7.23.1" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.24.0 Search vendor "Haxx" for product "Libcurl" and version "7.24.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.25.0 Search vendor "Haxx" for product "Libcurl" and version "7.25.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.26.0 Search vendor "Haxx" for product "Libcurl" and version "7.26.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.27.0 Search vendor "Haxx" for product "Libcurl" and version "7.27.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.28.0 Search vendor "Haxx" for product "Libcurl" and version "7.28.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.28.1 Search vendor "Haxx" for product "Libcurl" and version "7.28.1" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.29.0 Search vendor "Haxx" for product "Libcurl" and version "7.29.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.30.0 Search vendor "Haxx" for product "Libcurl" and version "7.30.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.31.0 Search vendor "Haxx" for product "Libcurl" and version "7.31.0" | - |
Affected
| ||||||
| Haxx Search vendor "Haxx" | Libcurl Search vendor "Haxx" for product "Libcurl" | 7.32.0 Search vendor "Haxx" for product "Libcurl" and version "7.32.0" | - |
Affected
| ||||||