Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2015-3996

The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.4%
CVSS Severity
CVSS v2 Score 4.3
Products affected by CVE-2015-3996


Contact Us

Shodan ® - All rights reserved