Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2014-1263
Deferred
More InfoOfficial Page
Source-product-security@apple.com
View Known Exploited Vulnerability (KEV) details
Published At-27 Feb, 2014 | 01:55
Updated At-12 Apr, 2025 | 10:46

curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
Apple Inc.
apple
>>mac_os_x>>Versions up to 10.9.1(inclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.9
cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-310Primarynvd@nist.gov
CWE ID: CWE-310
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://curl.haxx.se/docs/adv_20140326C.htmlproduct-security@apple.com
N/A
http://secunia.com/advisories/57836product-security@apple.com
N/A
http://secunia.com/advisories/57966product-security@apple.com
N/A
http://secunia.com/advisories/57968product-security@apple.com
N/A
http://support.apple.com/kb/HT6150product-security@apple.com
Vendor Advisory
http://twitter.com/agl__/statuses/437029812046422016product-security@apple.com
N/A
http://twitter.com/okoeroo/statuses/437272014043496449product-security@apple.com
Exploit
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/product-security@apple.com
N/A
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/product-security@apple.com
N/A
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/product-security@apple.com
N/A
https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73product-security@apple.com
Exploit
http://curl.haxx.se/docs/adv_20140326C.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/57836af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/57966af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/57968af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT6150af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://twitter.com/agl__/statuses/437029812046422016af854a3a-2127-422b-91ae-364da2661108
N/A
http://twitter.com/okoeroo/statuses/437272014043496449af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/af854a3a-2127-422b-91ae-364da2661108
N/A
https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73af854a3a-2127-422b-91ae-364da2661108
Exploit
Hyperlink: http://curl.haxx.se/docs/adv_20140326C.html
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/57836
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/57966
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/57968
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT6150
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://twitter.com/agl__/statuses/437029812046422016
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://twitter.com/okoeroo/statuses/437272014043496449
Source: product-security@apple.com
Resource:
Exploit
Hyperlink: http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
Source: product-security@apple.com
Resource: N/A
Hyperlink: http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
Source: product-security@apple.com
Resource: N/A
Hyperlink: https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73
Source: product-security@apple.com
Resource:
Exploit
Hyperlink: http://curl.haxx.se/docs/adv_20140326C.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/57836
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/57966
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/57968
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT6150
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://twitter.com/agl__/statuses/437029812046422016
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://twitter.com/okoeroo/statuses/437272014043496449
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Change History
0Changes found
Details not found