Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2014-0139

UNKNOWN
Published 2014-04-15T14:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2014-0139. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-vwm2-85hg-5h4q

Advisory Details

cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

CVSS Scoring

CVSS Score

5.0

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-0139
WEB http://advisories.mageia.org/MGASA-2015-0165.html
WEB http://curl.haxx.se/docs/adv_20140326B.html
WEB http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html
WEB http://secunia.com/advisories/57836
WEB http://secunia.com/advisories/57966
WEB http://secunia.com/advisories/57968
WEB http://secunia.com/advisories/58615
WEB http://secunia.com/advisories/59458
WEB http://www-01.ibm.com/support/docview.wss?uid=swg21675820
WEB http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862
WEB http://www.debian.org/security/2014/dsa-2902
WEB http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release
WEB http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release
WEB http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release
WEB http://www.mandriva.com/security/advisories?name=MDVSA-2015:213
WEB http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
WEB http://www.ubuntu.com/usn/USN-2167-1

Advisory provided by GitHub Security Advisory Database. Published: May 17, 2022, Modified: April 12, 2025

References

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:213
http://secunia.com/advisories/57836
http://curl.haxx.se/docs/adv_20140326B.html
http://www.debian.org/security/2014/dsa-2902
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
http://secunia.com/advisories/59458
http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html
http://advisories.mageia.org/MGASA-2015-0165.html
http://secunia.com/advisories/58615
http://secunia.com/advisories/57968
http://www-01.ibm.com/support/docview.wss?uid=swg21675820
http://www.ubuntu.com/usn/USN-2167-1
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
http://secunia.com/advisories/57966

HackerOne Reports

CVE-2024-2466: TLS certificate check bypass with mbedTLS Medium
frankyueh
curl
Improper Validation of Certificate with Host Mismatch
View Report
Published: 2014-04-15T14:00:00
Last Modified: 2024-08-06T09:05:38.790Z
Copied to clipboard!