Vulnerability Name:

CVE-2014-1263 (CCN-91409)

Assigned:2014-02-25
Published:2014-02-25
Updated:2014-05-05
Summary:curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-310
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: 20140326C
libcurl not verifying certs for TLS to IP address / Darwinssl

Source: CONFIRM
Type: UNKNOWN
http://curl.haxx.se/docs/adv_20140326C.html

Source: MITRE
Type: CNA
CVE-2014-1263

Source: CCN
Type: SA57434
libcURL Connection Re-use and Certificate Verification Security Issues

Source: CCN
Type: SA57836
Chef Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
57836

Source: CCN
Type: SA57966
Chef Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
57966

Source: CCN
Type: SA57968
Chef Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
57968

Source: CCN
Type: Apple Web site
About the security content of OS X Mavericks v10.9.2 and Security Update 2014-001

Source: CONFIRM
Type: Vendor Advisory
http://support.apple.com/kb/HT6150

Source: MISC
Type: UNKNOWN
http://twitter.com/agl__/statuses/437029812046422016

Source: MISC
Type: Exploit
http://twitter.com/okoeroo/statuses/437272014043496449

Source: CONFIRM
Type: UNKNOWN
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

Source: CONFIRM
Type: UNKNOWN
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

Source: CONFIRM
Type: UNKNOWN
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

Source: XF
Type: UNKNOWN
apple-macosx-cve20141263-info-disc(91409)

Source: MISC
Type: Exploit
https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-1263

Vulnerable Configuration:Configuration 1:
  • cpe:/o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version <= 10.9.1)

    • Configuration CCN 1:
  • cpe:/o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    apple mac os x 10.9
    apple mac os x *
    apple mac os x 10.9
    apple mac os x 10.9.1