CVE-2014-0350

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
pocoprojectpoco_c\+\+_libraries
𝑥
≤ 1.4.6
pocoprojectpoco_c\+\+_libraries
1.4.5
pocoprojectpoco_c\+\+_libraries
1.4.6
pocoprojectpoco_c\+\+_libraries
1.4.6:p1
pocoprojectpoco_c\+\+_libraries
1.4.6:p2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
poco
bullseye
1.10.0-6+deb11u1
fixed
squeeze
no-dsa
bookworm
1.11.0-3
fixed
sid
1.13.0-6
fixed
trixie
1.13.0-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
poco
artful
not-affected
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
ignored
utopic
ignored
trusty
Fixed 1.3.6p1-4+deb7u1build1
released
saucy
ignored
quantal
ignored
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177471.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177573.html
http://www.kb.cert.org/vuls/id/118748
https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177471.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177573.html
http://www.kb.cert.org/vuls/id/118748
https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG