Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2900

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2014-2900
Last Modified 23 Apr 2014 08:39:11
Published 22 Apr 2014 10:23:36
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2900

Summary

wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.

Vulnerable Systems

Application

  • Cyassl 0.2.0

  • Cyassl 0.3.0

  • Cyassl 0.4.0

  • Cyassl 0.5.0

  • Cyassl 0.5.5

  • Cyassl 0.6.0

  • Cyassl 0.6.2

  • Cyassl 0.6.3

  • Cyassl 0.8.0

  • Cyassl 0.9.0

  • Cyassl 0.9.6

  • Cyassl 0.9.8

  • Cyassl 0.9.9

  • Cyassl 1.0.0

  • Cyassl 1.0.2

  • Cyassl 1.0.3

  • Cyassl 1.0.6

  • Cyassl 1.1.0

  • Cyassl 1.2.0

  • Cyassl 1.3.0

  • Cyassl 1.4.0

  • Cyassl 1.5.0

  • Cyassl 1.5.4

  • Cyassl 1.5.6

  • Cyassl 1.6.0

  • Cyassl 1.6.5

  • Cyassl 1.8.0

  • Cyassl 1.9.0

  • Cyassl 2.0.0

  • Cyassl 2.0.2

  • Cyassl 2.0.6

  • Cyassl 2.0.8

  • Cyassl 2.2.0

  • Cyassl 2.3.0

  • Cyassl 2.4.0

  • Cyassl 2.4.6

  • Cyassl 2.5.0

  • Cyassl 2.6.0

  • Cyassl 2.7.0

  • Cyassl 2.8.0

  • Cyassl 2.9.0


References

CONFIRM - http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html

CONFIRM - http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html

SECUNIA - 57743

MLIST - [oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?

MLIST - [oss-security] 20140417 CVE ids for CyaSSL 2.9.4?


Last Updated: 27 May 2016 11:05:04