CVE-2013-0289

Published May 23, 2014

Last updated 3 years ago

Overview

Description: Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-310

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:isync_project:isync:0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17B470AE-B7A5-4926-B5A7-70B059A10B46"
          },
          {
            "criteria": "cpe:2.3:a:isync_project:isync:0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "927695D9-DB49-46CD-A5D8-C0F155193FF2"
          },
          {
            "criteria": "cpe:2.3:a:isync_project:isync:0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FD6934A-AC26-4526-ABCA-9C873922931B"
          },
          {
            "criteria": "cpe:2.3:a:isync_project:isync:0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F81CC3E-0BF5-4029-B1DB-7C61C79CBCD2"
          },
          {
            "criteria": "cpe:2.3:a:isync_project:isync:0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "613626B1-51A9-44BB-A2EA-E70E8E47424E"
          },
          {
            "criteria": "cpe:2.3:a:isync_project:isync:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E680D912-0E6E-4288-9649-CE8366B5A4FE"
          },
          {
            "criteria": "cpe:2.3:a:isync_project:isync:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33061BF8-30EB-4C6D-8D27-5A8D97CBF609"
          },
          {
            "criteria": "cpe:2.3:a:isync_project:isync:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36BD677D-1556-482F-A10C-70BE30E10B49"
          },
          {
            "criteria": "cpe:2.3:a:isync_project:isync:1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FBD288C-8C95-4D23-8124-F4D70650E91F"
          },
          {
            "criteria": "cpe:2.3:a:isync_project:isync:1.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B373AD0-A823-4BE4-83DA-CA57E53EC9A9"
          },
          {
            "criteria": "cpe:2.3:a:isync_project:isync:1.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCAA1721-CEAB-4543-897D-0D4E1BECD05B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References