CVE-2016-4467

by Fred · 02/05/2017

The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.

Date published : 2017-05-02

http://www.securityfocus.com/bid/91788

http://www.openwall.com/lists/oss-security/2016/07/15/3

CVE-2016-4467

Similar

Recent Posts

Categories

CVE-2016-4467

Share this:

Similar

Recent Posts

Categories

Tags