1. Home
  2. Vulnerabilities
  3. CVE-2014-1492

CVE-2014-1492

CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.16 % (54th)
0.16% Progress
Affected Products 1
Advisories 11
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

Weaknesses
CWE-20
Improper Input Validation
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2014-03-25 13:25:38
(10 years ago)
Updated Date
2018-10-09 19:42:51
(6 years ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Network Security Services 3.15.5 and prior versions cpe:2.3:a:mozilla:network_security_services <= 3.15.5
  Mozilla Network Security Services 3.2 cpe:2.3:a:mozilla:network_security_services:3.2
  Mozilla Network Security Services 3.2.1 cpe:2.3:a:mozilla:network_security_services:3.2.1
  Mozilla Network Security Services 3.3 cpe:2.3:a:mozilla:network_security_services:3.3
  Mozilla Network Security Services 3.3.1 cpe:2.3:a:mozilla:network_security_services:3.3.1
  Mozilla Network Security Services 3.3.2 cpe:2.3:a:mozilla:network_security_services:3.3.2
  Mozilla Network Security Services 3.4 cpe:2.3:a:mozilla:network_security_services:3.4
  Mozilla Network Security Services 3.4.1 cpe:2.3:a:mozilla:network_security_services:3.4.1
  Mozilla Network Security Services 3.4.2 cpe:2.3:a:mozilla:network_security_services:3.4.2
  Mozilla Network Security Services 3.5 cpe:2.3:a:mozilla:network_security_services:3.5
  Mozilla Network Security Services 3.6 cpe:2.3:a:mozilla:network_security_services:3.6
  Mozilla Network Security Services 3.6.1 cpe:2.3:a:mozilla:network_security_services:3.6.1
  Mozilla Network Security Services 3.7 cpe:2.3:a:mozilla:network_security_services:3.7
  Mozilla Network Security Services 3.7.1 cpe:2.3:a:mozilla:network_security_services:3.7.1
  Mozilla Network Security Services 3.7.2 cpe:2.3:a:mozilla:network_security_services:3.7.2
  Mozilla Network Security Services 3.7.3 cpe:2.3:a:mozilla:network_security_services:3.7.3
  Mozilla Network Security Services 3.7.5 cpe:2.3:a:mozilla:network_security_services:3.7.5
  Mozilla Network Security Services 3.7.7 cpe:2.3:a:mozilla:network_security_services:3.7.7
  Mozilla Network Security Services 3.8 cpe:2.3:a:mozilla:network_security_services:3.8
  Mozilla Network Security Services 3.9 cpe:2.3:a:mozilla:network_security_services:3.9
  Mozilla Network Security Services 3.11.2 cpe:2.3:a:mozilla:network_security_services:3.11.2
  Mozilla Network Security Services 3.11.3 cpe:2.3:a:mozilla:network_security_services:3.11.3
  Mozilla Network Security Services 3.11.4 cpe:2.3:a:mozilla:network_security_services:3.11.4
  Mozilla Network Security Services 3.11.5 cpe:2.3:a:mozilla:network_security_services:3.11.5
  Mozilla Network Security Services 3.12 cpe:2.3:a:mozilla:network_security_services:3.12
  Mozilla Network Security Services 3.12.1 cpe:2.3:a:mozilla:network_security_services:3.12.1
  Mozilla Network Security Services 3.12.2 cpe:2.3:a:mozilla:network_security_services:3.12.2
  Mozilla Network Security Services 3.12.3 cpe:2.3:a:mozilla:network_security_services:3.12.3
  Mozilla Network Security Services 3.12.3.1 cpe:2.3:a:mozilla:network_security_services:3.12.3.1
  Mozilla Network Security Services 3.12.3.2 cpe:2.3:a:mozilla:network_security_services:3.12.3.2
  Mozilla Network Security Services 3.12.4 cpe:2.3:a:mozilla:network_security_services:3.12.4
  Mozilla Network Security Services 3.12.5 cpe:2.3:a:mozilla:network_security_services:3.12.5
  Mozilla Network Security Services 3.12.6 cpe:2.3:a:mozilla:network_security_services:3.12.6
  Mozilla Network Security Services 3.12.7 cpe:2.3:a:mozilla:network_security_services:3.12.7
  Mozilla Network Security Services 3.12.8 cpe:2.3:a:mozilla:network_security_services:3.12.8
  Mozilla Network Security Services 3.12.9 cpe:2.3:a:mozilla:network_security_services:3.12.9
  Mozilla Network Security Services 3.12.10 cpe:2.3:a:mozilla:network_security_services:3.12.10
  Mozilla Network Security Services 3.12.11 cpe:2.3:a:mozilla:network_security_services:3.12.11
  Mozilla Network Security Services 3.14 cpe:2.3:a:mozilla:network_security_services:3.14
  Mozilla Network Security Services 3.14.1 cpe:2.3:a:mozilla:network_security_services:3.14.1
  Mozilla Network Security Services 3.14.2 cpe:2.3:a:mozilla:network_security_services:3.14.2
  Mozilla Network Security Services 3.14.3 cpe:2.3:a:mozilla:network_security_services:3.14.3
  Mozilla Network Security Services 3.14.4 cpe:2.3:a:mozilla:network_security_services:3.14.4
  Mozilla Network Security Services 3.14.5 cpe:2.3:a:mozilla:network_security_services:3.14.5
  Mozilla Network Security Services 3.15 cpe:2.3:a:mozilla:network_security_services:3.15
  Mozilla Network Security Services 3.15.1 cpe:2.3:a:mozilla:network_security_services:3.15.1
  Mozilla Network Security Services 3.15.2 cpe:2.3:a:mozilla:network_security_services:3.15.2
  Mozilla Network Security Services 3.15.3 cpe:2.3:a:mozilla:network_security_services:3.15.3
  Mozilla Network Security Services 3.15.3.1 cpe:2.3:a:mozilla:network_security_services:3.15.3.1
  Mozilla Network Security Services 3.15.4 cpe:2.3:a:mozilla:network_security_services:3.15.4