CVE-2023-6057

HIGH Year: 2023
CVSS v3 Score
7.4
High
Weakness Type
CWE-295
View all →

Vulnerability Description

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connections to arbitrary sites using a DSA-signed certificate.

Related Vulnerabilities

CVE-2012-0955

HIGH
CVSS:7.4(High)

software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under py...

CWE-2952012

CVE-2012-5817

HIGH
CVSS:7.4(High)

Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) ...

CWE-2952012

CVE-2012-5819

HIGH
CVSS:7.4(High)

FilesAnywhere does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attacker...

CWE-2952012

CVE-2012-5822

HIGH
CVSS:7.4(High)

The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-...

CWE-2952012

CVE-2013-7201

HIGH
CVSS:7.4(High)

WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.

CWE-2952013

CVE-2014-1266

HIGH
CVSS:7.4(High)

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6,...

CWE-2952014