Vulnerability Details : CVE-2013-4545
cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Exploit prediction scoring system (EPSS) score for CVE-2013-4545
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 58 %
Percentile, the proportion of vulnerabilities that are scored at or less