CVE-2013-0945

EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
emcavamar
𝑥
≤ 6.1.101-87
emcavamar
4.0
emcavamar
4.1
emcavamar
5.0
emcavamar
5.0:sp1
emcavamar
5.0:sp2
emcavamar
5.0.0-407
emcavamar
5.0.4-26
emcavamar
6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2013-05/0014.html
http://archives.neohapsis.com/archives/bugtraq/2013-05/0014.html