CVE-2013-6422
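The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, also skips the CURLOPT_SSL_VERIFYHOST check of the certificate's CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks. The affected case is an application that turns off CURLOPT_SSL_VERIFYPEER but still relies on CURLOPT_SSL_VERIFYHOST to confirm the server's host name: that check is silently not performed.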
Published at
2013-12-23T22:55Z
3638 days ago
Modified
2016-04-07T20:55Z
2802 days ago
CWE-20
Problem type
References
URL | Type |
---|---|
DSA-2824 http://www.debian.org/security/2013/dsa-2824 | DEBIAN |
USN-2058-1 http://www.ubuntu.com/usn/USN-2058-1 | UBUNTU |
curl.haxx.se http://curl.haxx.se/docs/adv_20131217.html | CONFIRM |
HPSBMU03112 https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322 | HP |
www.oracle.com http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM |
GET https://vulnerabilitydata.com/api/details/CVE-2013-6422
{ "id": "CVE-2013-6422", "published_date": "2013-12-23T22:55Z", "last_modified_date": "2016-04-07T20:55Z", "assigner": "secalert@redhat.com", "description": "The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.", "references": [ { "url": "http://www.debian.org/security/2013/dsa-2824", "name": "DSA-2824", "refsource": "DEBIAN", "tags": [] }, { "url": "http://www.ubuntu.com/usn/USN-2058-1", "name": "USN-2058-1", "refsource": "UBUNTU", "tags": [] }, { "url": "http://curl.haxx.se/docs/adv_20131217.html", "name": "http://curl.haxx.se/docs/adv_20131217.html", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ] }, { "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04463322", "name": "HPSBMU03112", "refsource": "HP", "tags": [] }, { "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "refsource": "CONFIRM", "tags": [] } ], "impact": { "baseMetricV2": { "cvssV2": { "version": "2.0", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4 }, "severity": "MEDIUM", "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } }, "problem_type": "CWE-20" }