CWE-295
Improper Certificate Validation
Description
The product does not validate, or incorrectly validates, a certificate.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-459 · CAPEC-475
CVEs mapped to this weakness (720)
page 6 of 36| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000520 | Hig | 0.49 | 7.5 | 0.01 | Jun 26, 2018 | ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be… | ||
| CVE-2018-11712 | Hig | 0.49 | 7.5 | 0.01 | Jun 4, 2018 | WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections. | ||
| CVE-2018-0227 | Hig | 0.49 | 7.5 | 0.02 | Apr 19, 2018 | A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL… | ||
| CVE-2018-5466 | Hig | 0.49 | 7.5 | 0.02 | Mar 26, 2018 | Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. | ||
| CVE-2018-5464 | Hig | 0.49 | 7.5 | 0.02 | Mar 26, 2018 | Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. | ||
| CVE-2018-5462 | Hig | 0.49 | 7.5 | 0.02 | Mar 26, 2018 | Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. | ||
| CVE-2018-5502 | Hig | 0.49 | 7.5 | 0.01 | Mar 22, 2018 | On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate… | ||
| CVE-2017-18227 | Hig | 0.49 | 7.5 | 0.01 | Mar 12, 2018 | TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature. | ||
| CVE-2018-7234 | Hig | 0.49 | 7.5 | 0.01 | Mar 9, 2018 | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate. | ||
| CVE-2017-15341 | Hig | 0.49 | 7.5 | 0.01 | Feb 15, 2018 | Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device.… | ||
| CVE-2018-0786 | — | Hig | 0.49 | 7.5 | 0.04 | Jan 10, 2018 | Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability." | |
| CVE-2017-3190 | Hig | 0.49 | 7.5 | 0.00 | Dec 16, 2017 | Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | ||
| CVE-2017-11770 | Hig | 0.49 | 7.5 | 0.05 | Nov 15, 2017 | .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate… | ||
| CVE-2017-7080 | Hig | 0.49 | 7.5 | 0.01 | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended certificate-trust… | ||
| CVE-2017-2299 | Hig | 0.49 | 7.5 | 0.01 | Sep 15, 2017 | Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust… | ||
| CVE-2017-6594 | Hig | 0.49 | 7.5 | 0.02 | Aug 28, 2017 | The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. | ||
| CVE-2015-4017 | Hig | 0.49 | 7.5 | 0.01 | Aug 25, 2017 | Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. | ||
| CVE-2014-3451 | Hig | 0.49 | 7.5 | 0.02 | Aug 18, 2017 | OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. | ||
| CVE-2017-6664 | Hig | 0.49 | 7.5 | 0.01 | Aug 7, 2017 | A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected system, after the certificate for the autonomic node has been revoked. This… | ||
| CVE-2017-11132 | Hig | 0.49 | 7.5 | 0.01 | Aug 1, 2017 | An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the application would not notice it. |
- risk 0.49cvss 7.5epss 0.01
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be…
- risk 0.49cvss 7.5epss 0.01
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.
- risk 0.49cvss 7.5epss 0.02
A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL…
- risk 0.49cvss 7.5epss 0.02
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
- risk 0.49cvss 7.5epss 0.02
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
- risk 0.49cvss 7.5epss 0.02
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
- risk 0.49cvss 7.5epss 0.01
On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate…
- risk 0.49cvss 7.5epss 0.01
TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature.
- risk 0.49cvss 7.5epss 0.01
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate.
- risk 0.49cvss 7.5epss 0.01
Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device.…
- risk 0.49cvss 7.5epss 0.04
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."
- risk 0.49cvss 7.5epss 0.00
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
- risk 0.49cvss 7.5epss 0.05
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended certificate-trust…
- risk 0.49cvss 7.5epss 0.01
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust…
- risk 0.49cvss 7.5epss 0.02
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
- risk 0.49cvss 7.5epss 0.01
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
- risk 0.49cvss 7.5epss 0.02
OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks.
- risk 0.49cvss 7.5epss 0.01
A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected system, after the certificate for the autonomic node has been revoked. This…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the application would not notice it.