Vulnerability Details : CVE-2014-3604
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Products affected by CVE-2014-3604
- cpe:2.3:a:not_yet_commons_ssl_project:not_yet_commons_ssl:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3604
- EPSS score: 0.10% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~41% (the proportion of vulnerabilities that are scored at or below this level)
CVSS scores for CVE-2014-3604
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2014-3604
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3604
- https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3604.yaml
  victims-cve-db/3604.yaml at master · victims/victims-cve-db · GitHub
- http://juliusdavies.ca/svn/viewvc.cgi/not-yet-commons-ssl?view=rev&revision=172
  404 Not Found (Patch)
- https://bugzilla.redhat.com/show_bug.cgi?id=1131803
  1131803 – (CVE-2014-3604) CVE-2014-3604 Not Yet Commons SSL: Hostname verification susceptible to MITM attack
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97659
  Not-Yet-Commons-SSL certificate security bypass CVE-2014-3604 Vulnerability Report
- http://rhn.redhat.com/errata/RHSA-2015-1888.html
  RHSA-2015:1888 - Security Advisory - Red Hat Customer Portal