Download
| Alert*
|
oval:org.secpod.oval:def:702152
serf: high-performance asynchronous HTTP client library Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet. oval:org.secpod.oval:def:1600031 The serf_ssl_cert_issuer, serf_ssl_cert_subject, and serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject"s Common Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arb ... oval:org.secpod.oval:def:52273 serf: high-performance asynchronous HTTP client library Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet. oval:org.secpod.oval:def:107377 The serf library is a C-based HTTP client library built upon the Apache Portable Runtime library. It multiplexes connections, running the read/write communication asynchronously. Memory copies and transformations are kept to a minimum to provide high performance operation. oval:org.secpod.oval:def:99818 The host is installed with Apache Subversion 1.4.x through 1.7.17, 1.8.x through 1.8.9 and is prone to an improper validation of certificate vulnerability. A flaw is present in the application, which fails to handle issues in Serf RA layer. Successful exploitation could allow remote attackers to cau ... |
