Vulnerability details: VCID-m615-4hpz-aaae
Vulnerability ID VCID-m615-4hpz-aaae
Aliases CVE-2014-8151
Summary The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Status Published
Exploitability 0.5
Weighted Severity 5.2
Risk 2.6
System Score Found at
epss 0.00148 https://api.first.org/data/v1/epss?cve=CVE-2014-8151
epss 0.00157 https://api.first.org/data/v1/epss?cve=CVE-2014-8151
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2014-8151
epss 0.00391 https://api.first.org/data/v1/epss?cve=CVE-2014-8151
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2014-8151
epss 0.00965 https://api.first.org/data/v1/epss?cve=CVE-2014-8151
epss 0.03445 https://api.first.org/data/v1/epss?cve=CVE-2014-8151
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1178698
cvssv3.1 Medium https://curl.se/docs/CVE-2014-8151.html
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2014-8151
Reference id Reference type URL
http://curl.haxx.se/docs/adv_20150108A.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8151.json
https://api.first.org/data/v1/epss?cve=CVE-2014-8151
https://curl.se/docs/CVE-2014-8151.html
http://secunia.com/advisories/61925
https://security.gentoo.org/glsa/201701-47
https://support.apple.com/kb/HT205031
1178698 https://bugzilla.redhat.com/show_bug.cgi?id=1178698
cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
CVE-2014-8151 https://nvd.nist.gov/vuln/detail/CVE-2014-8151
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-8151
Exploitability (E): high, functional, unproven, proof_of_concept, not_defined
Access Vector (AV): local, adjacent_network, network
Access Complexity (AC): high, medium, low
Authentication (Au): multiple, single, none
Confidentiality Impact (C): none, partial, complete
Integrity Impact (I): none, partial, complete
Availability Impact (A): none, partial, complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.51685
EPSS Score 0.00148
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.