VYPR
Medium severity5.9NVD Advisory· Published Oct 10, 2016· Updated Jun 17, 2026

CVE-2016-7099

CVE-2016-7099

Description

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

113

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.