VYPR

CWE-295

Improper Certificate Validation

BaseDraft

Description

The product does not validate, or incorrectly validates, a certificate.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-459 · CAPEC-475

CVEs mapped to this weakness (720)

page 6 of 36
  • CVE-2018-1000520HigJun 26, 2018
    risk 0.49cvss 7.5epss 0.01

    ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be…

  • CVE-2018-11712HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.

  • CVE-2018-0227HigApr 19, 2018
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL…

  • CVE-2018-5466HigMar 26, 2018
    risk 0.49cvss 7.5epss 0.02

    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.

  • CVE-2018-5464HigMar 26, 2018
    risk 0.49cvss 7.5epss 0.02

    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.

  • CVE-2018-5462HigMar 26, 2018
    risk 0.49cvss 7.5epss 0.02

    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.

  • CVE-2018-5502HigMar 22, 2018
    risk 0.49cvss 7.5epss 0.01

    On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate…

  • CVE-2017-18227HigMar 12, 2018
    risk 0.49cvss 7.5epss 0.01

    TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature.

  • CVE-2018-7234HigMar 9, 2018
    risk 0.49cvss 7.5epss 0.01

    A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate.

  • CVE-2017-15341HigFeb 15, 2018
    risk 0.49cvss 7.5epss 0.01

    Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device.…

  • CVE-2018-0786HigJan 10, 2018
    risk 0.49cvss 7.5epss 0.04

    Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."

  • CVE-2017-3190HigDec 16, 2017
    risk 0.49cvss 7.5epss 0.00

    Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

  • CVE-2017-11770HigNov 15, 2017
    risk 0.49cvss 7.5epss 0.05

    .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate…

  • CVE-2017-7080HigOct 23, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended certificate-trust…

  • CVE-2017-2299HigSep 15, 2017
    risk 0.49cvss 7.5epss 0.01

    Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust…

  • CVE-2017-6594HigAug 28, 2017
    risk 0.49cvss 7.5epss 0.02

    The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.

  • CVE-2015-4017HigAug 25, 2017
    risk 0.49cvss 7.5epss 0.01

    Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.

  • CVE-2014-3451HigAug 18, 2017
    risk 0.49cvss 7.5epss 0.02

    OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks.

  • CVE-2017-6664HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected system, after the certificate for the autonomic node has been revoked. This…

  • CVE-2017-11132HigAug 1, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the application would not notice it.