You are here
curl: certificate name verification vulnerabilities
Submitted on 21. December 2013 - 16:39 by rischi.
Last update on 23. December 2013 - 6:57.
Last update on 23. December 2013 - 6:57.
IDs:
CVE-2013-4545, CVE-2013-6422
Keywords:
curl, TLS, SSL, certificate
Description:
The following two curl vulnerabilities related to SSL peer certificate verification has been published. Both vulnerabilities do not affect Airlock.
CVE-2013-4545
Certificate Common Name and SAN checks may unintentionally be deactivated if a related certificate check is disabled. Airlock is not affected because the vulnerable combination of curl options is not used.
CVE-2013-6422
Using GnuTLS as TLS/SSL library in curl may unintentionally disable server name verification. Airlock is not affected because OpenSSL is used as TLS/SSL library in curl.
Component:
Airlock
Airlock Vulnerability Status:
Does not affect Airlock
Back-end Vulnerability Status:
No action required
Reference: