Unrated severityNVD Advisory· Published Feb 27, 2014· Updated Jun 17, 2026
CVE-2014-1263
CVE-2014-1263
Description
curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*range: <=10.9.1
- cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*
- Range: <10.9.2
Patches
Vulnerability mechanics
References
11- twitter.com/okoeroo/statuses/437272014043496449nvdExploit
- gist.github.com/rmoriz/fb2b0a6a0ce10550ab73nvdExploit
- support.apple.com/kb/HT6150nvdVendor Advisory
- curl.haxx.se/docs/adv_20140326C.htmlnvd
- secunia.com/advisories/57836nvd
- secunia.com/advisories/57966nvd
- secunia.com/advisories/57968nvd
- twitter.com/agl__/statuses/437029812046422016nvd
- www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/nvd
- www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/nvd
- www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/nvd
News mentions
0No linked articles in our index yet.