Vulnerability Details : CVE-2012-6086
libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Products affected by CVE-2012-6086
- cpe:2.3:a:zabbix:zabbix:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.10:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.0:rc6:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.10:rc2:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.16:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.15:rc1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-6086
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 31 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-6086
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2012-6086
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-6086
-
http://www.openwall.com/lists/oss-security/2013/01/03/1
oss-security - Re: CVE request: Curl insecure usageIssue Tracking
-
http://www.securityfocus.com/bid/57103
Zabbix 'cURL' API Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
https://support.zabbix.com/browse/ZBX-5924
[ZBX-5924] Possible security issue due to misuse of the libcurl API - ZABBIX SUPPORTVendor Advisory
Jump to