Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2013-6422

The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.4%
CVSS Severity
CVSS v2 Score 4.0
Products affected by CVE-2013-6422
  • Haxx » Libcurl » Version: 7.21.4
    cpe:2.3:a:haxx:libcurl:7.21.4
  • Haxx » Libcurl » Version: 7.21.5
    cpe:2.3:a:haxx:libcurl:7.21.5
  • Haxx » Libcurl » Version: 7.21.6
    cpe:2.3:a:haxx:libcurl:7.21.6
  • Haxx » Libcurl » Version: 7.21.7
    cpe:2.3:a:haxx:libcurl:7.21.7
  • Haxx » Libcurl » Version: 7.22.0
    cpe:2.3:a:haxx:libcurl:7.22.0
  • Haxx » Libcurl » Version: 7.23.0
    cpe:2.3:a:haxx:libcurl:7.23.0
  • Haxx » Libcurl » Version: 7.23.1
    cpe:2.3:a:haxx:libcurl:7.23.1
  • Haxx » Libcurl » Version: 7.24.0
    cpe:2.3:a:haxx:libcurl:7.24.0
  • Haxx » Libcurl » Version: 7.25.0
    cpe:2.3:a:haxx:libcurl:7.25.0
  • Haxx » Libcurl » Version: 7.26.0
    cpe:2.3:a:haxx:libcurl:7.26.0
  • Haxx » Libcurl » Version: 7.27.0
    cpe:2.3:a:haxx:libcurl:7.27.0
  • Haxx » Libcurl » Version: 7.28.0
    cpe:2.3:a:haxx:libcurl:7.28.0
  • Haxx » Libcurl » Version: 7.28.1
    cpe:2.3:a:haxx:libcurl:7.28.1
  • Haxx » Libcurl » Version: 7.29.0
    cpe:2.3:a:haxx:libcurl:7.29.0
  • Haxx » Libcurl » Version: 7.30.0
    cpe:2.3:a:haxx:libcurl:7.30.0
  • Haxx » Libcurl » Version: 7.31.0
    cpe:2.3:a:haxx:libcurl:7.31.0
  • Haxx » Libcurl » Version: 7.32.0
    cpe:2.3:a:haxx:libcurl:7.32.0
  • Haxx » Libcurl » Version: 7.33.0
    cpe:2.3:a:haxx:libcurl:7.33.0
  • Canonical » Ubuntu Linux » Version: 12.04
    cpe:2.3:o:canonical:ubuntu_linux:12.04
  • Canonical » Ubuntu Linux » Version: 12.10
    cpe:2.3:o:canonical:ubuntu_linux:12.10
  • Canonical » Ubuntu Linux » Version: 13.04
    cpe:2.3:o:canonical:ubuntu_linux:13.04
  • Canonical » Ubuntu Linux » Version: 13.10
    cpe:2.3:o:canonical:ubuntu_linux:13.10
  • Debian » Debian Linux » Version: 7.0
    cpe:2.3:o:debian:debian_linux:7.0


Contact Us

Shodan ® - All rights reserved