HP Security Bulletin HPSBMU03112 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), unauthorized disclosure of information, Denial of Service (DoS), and Clickjacking. Revision 1 of this advisory.
c7ee397bfe22743f1104826923b5ce2ee2bca83ffb77b9abc0126c7de3855248
Ubuntu Security Notice 2048-1 - Scott Cantor discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications.
c20f5794bb126d61a57266741ccbe80c44ddbf98c011ace3654bedddefc949e5
Mandriva Linux Security Advisory 2013-276 - Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSL_VERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable SSL certificate host name checks when it should have only disabled verification of the certificate trust chain.
2c78af201db1bef05c4d5d012d53ff1328f14122e461d40a5c38c8ccb71ff218
Debian Linux Security Advisory 2798-2 - The update for curl in DSA-2798-1 uncovered a regression affecting the behaviour of the curl command-line tool (#729965). This update disables host verification too when using the --insecure option.
ce1a6610897ebeb0ecc8600b5d5a1134408350f1241fe3beff51b07c1ce9e564
Debian Linux Security Advisory 2798-1 - Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSL_VERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable SSL certificate host name checks when it should have only disabled verification of the certificate trust chain.
9363b2d66b1be8b2c64a2ee99bfb751ea42ee87086b3cd18e8fcae0ba052400f