OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-01 01:00:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ca7b554f5babe416220eda5846f34cd2f2ca1237
advisory-db/crates/hyper/RUSTSEC-2016-0002.toml
Tony Arcieri 01ac6725d5 Fix all advisories to pass linter 
Mostly related to the `affected_functions` field, which has changed a
few times.
2019-09-09 12:19:01 -07:00

24 lines
774 B
TOML
Raw Blame History

[advisory]
id = "RUSTSEC-2016-0002"
package = "hyper"
date = "2016-05-09"
url = "https://github.com/hyperium/hyper/blob/master/CHANGELOG.md#v094-2016-05-09"
title = "HTTPS MitM vulnerability due to lack of hostname verification"
categories = ["crypto-failure"]
keywords = ["ssl", "mitm"]
patched_versions = [">= 0.9.4"]
references = ["RUSTSEC-2016-0001"]
description = """
When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not
perform hostname verification when making HTTPS requests.
This allows an attacker to perform MitM attacks by preventing any valid
CA-issued certificate, even if there's a hostname mismatch.
The problem was addressed by leveraging rust-openssl's built-in support for
hostname verification.
"""
[affected]
os = ["windows"]
Reference in New Issue View Git Blame Copy Permalink