
CWE-295 Improper Certificate Validation: vulnerability list (502)

A summary of the 502 CVE entries associated with the CWE-295 (improper certificate validation) weakness class, with AI-generated analysis in Chinese.

CWE-295 covers improper certificate validation: software that does not correctly verify the validity or integrity of a digital certificate. Attackers commonly exploit this flaw to mount man-in-the-middle attacks, presenting a forged certificate to intercept and tamper with communications, steal sensitive data, or inject malicious code. Developers should strictly verify the certificate chain, the hostname match, and the validity period, disable weak algorithms, and enable certificate pinning, so that the transport layer is protected against impersonation and data leakage.

MITRE CWE official description
CWE-295 Improper Certificate Validation: The product does not validate, or incorrectly validates, a certificate.
Common consequences (1)
Scope: Integrity, Authentication. Impact: Bypass Protection Mechanism; Gain Privileges or Assume Identity.
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting s…
Mitigations (2)
Phase: Architecture and Design, Implementation. Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Phase: Implementation. If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Code examples (2)
This code checks the certificate of a connected peer.

if ((cert = SSL_get_peer_certificate(ssl)) && host)
    foo = SSL_get_verify_result(ssl);
// flaw: a chain containing a self-signed certificate is accepted as valid
if ((X509_V_OK == foo) || (X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN == foo))
    // certificate looks good, host can be trusted

Bad · C

The following OpenSSL code obtains a certificate and verifies it.

cert = SSL_get_peer_certificate(ssl);
// flaw: the chain is verified, but the certificate's name is never compared with the expected host
if (cert && (SSL_get_verify_result(ssl) == X509_V_OK)) {
    // do secret things
}

Bad · C
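As an added example (not code from this page, from MITRE, or from any vendor listed below), the following C helper shows the two checks the bad snippets above omit: only X509_V_OK may be accepted, and the expected hostname must be compared against the name in the certificate, including the RFC 6125 wildcard rules (a single '*' only as the whole leftmost label, matching exactly one label). The function names hostname_matches and peer_is_trusted are assumptions, and the two constants are local copies of the OpenSSL x509_vfy.h values so the file compiles without OpenSSL. Real clients should rely on OpenSSL's SSL_set1_host() / X509_check_host() rather than re-implementing matching; the matcher here exists to make the rule visible.

```c
/* Added example, not from the page or from MITRE. Illustrates the trust
 * decision a TLS client must make after the handshake. Constants mirror
 * OpenSSL's x509_vfy.h (assumption: defined locally to avoid the dependency). */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define X509_V_OK 0L
#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19L

/* Case-insensitive comparison of two byte strings of given lengths. */
static int label_eq(const char *a, size_t alen, const char *b, size_t blen) {
    if (alen != blen) return 0;
    for (size_t i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Returns 1 if `host` matches the certificate name `pattern` (hypothetical helper).
 * Rules applied: exact case-insensitive match; otherwise a wildcard is allowed only
 * as the entire leftmost label ("*.example.com"), it matches exactly one non-empty
 * label, never spans a dot, and at least two labels must follow it ("*.com" is refused). */
int hostname_matches(const char *pattern, const char *host) {
    if (!pattern || !host || !*pattern || !*host) return 0;
    if (!(pattern[0] == '*' && pattern[1] == '.'))
        return label_eq(pattern, strlen(pattern), host, strlen(host)); /* no wildcard form */
    const char *pdot = pattern + 1;           /* points at the '.' after '*' */
    const char *hdot = strchr(host, '.');
    if (!hdot || hdot == host) return 0;      /* host needs a non-empty first label */
    if (strchr(pdot + 1, '.') == NULL) return 0;  /* "*.com": too broad */
    if (strchr(pdot + 1, '*') != NULL) return 0;  /* only one wildcard, leftmost */
    /* the remainder after the first label must match exactly */
    return label_eq(pdot + 1, strlen(pdot + 1), hdot + 1, strlen(hdot + 1));
}

/* The trust decision (hypothetical helper): ONLY X509_V_OK is acceptable, and
 * the expected hostname must match the certificate name. Accepting
 * X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, as the first bad example does, lets any
 * holder of a self-signed CA impersonate the server; skipping the hostname check,
 * as the second does, lets any validly issued certificate impersonate it. */
int peer_is_trusted(long verify_result, const char *cert_name, const char *expected_host) {
    if (verify_result != X509_V_OK) return 0;
    return hostname_matches(cert_name, expected_host);
}

int main(void) {
    /* constructed inputs: no network, just the decision logic */
    printf("ok + matching wildcard  : %d\n", peer_is_trusted(X509_V_OK, "*.example.com", "shop.example.com"));
    printf("self-signed in chain    : %d\n", peer_is_trusted(X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, "shop.example.com", "shop.example.com"));
    printf("ok but wrong host       : %d\n", peer_is_trusted(X509_V_OK, "other.example.net", "shop.example.com"));
    printf("wildcard across labels  : %d\n", hostname_matches("*.example.com", "a.b.example.com"));
    return 0;
}
```

The first three calls in main correspond to a sound connection, the first bad snippet's mistake, and the second bad snippet's mistake respectively; only the first returns 1.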
CVE ID | Title | Affected product | CVSS | Risk level | Published
CVE-2023-1409 | MongoDB Server trust management issue vulnerability | MongoDB Server | 5.3 | Medium | 2023-08-23
CVE-2023-38686 | Matrix Sydent trust management issue vulnerability | sydent | 9.3 | Critical | 2023-08-04
CVE-2023-3615 | Mattermost trust management issue vulnerability | Mattermost iOS app | 8.1 | High | 2023-07-17
CVE-2023-31190 | BlueMark Innovations DroneScout ds230 authorization issue vulnerability | ds230 | 8.1 | High | 2023-07-11
CVE-2023-23546 | Milesight UR32L trust management issue vulnerability | UR32L | 4.2 | Medium | 2023-07-06
CVE-2023-32464 | Dell VxRail trust management issue vulnerability | Dell EMC VxRail Appliance | 2.7 | Low | 2023-06-23
CVE-2023-29175 | Fortinet FortiOS trust management issue vulnerability | FortiOS | 4.4 | Medium | 2023-06-13
CVE-2023-1664 | Red Hat Keycloak trust management issue vulnerability | Keycloak | 8.2 | - | 2023-05-26
CVE-2023-28321 | curl trust management issue vulnerability | https://github.com/curl/curl | 5.3 | - | 2023-05-26
CVE-2023-20881 | Cloud Foundry CAPI trust management issue vulnerability | Cloud Controller API | 7.4 | - | 2023-05-19
CVE-2022-45458 | Acronis Agent and Acronis Cyber Protect trust management issue vulnerability | Acronis Agent | 9.1 | - | 2023-05-18
CVE-2022-45457 | Acronis Agent and Acronis Cyber Protect trust management issue vulnerability | Acronis Agent | 9.1 | - | 2023-05-18
CVE-2023-31151 | Schweitzer Engineering Laboratories Real Time Automation Controller trust management issue vulnerability | SEL-3505 | 4.7 | Medium | 2023-05-10
CVE-2022-39161 | IBM WebSphere Application Server trust management issue vulnerability | WebSphere Application Server | 4.8 | Medium | 2023-05-03
CVE-2023-24461 | F5 BIG-IP Edge Gateway trust management issue vulnerability | BIG-IP Edge Client | 7.4 | High | 2023-05-03
CVE-2022-48186 | Lenovo Baiying trust management issue vulnerability | Baiying | 6.2 | Medium | 2023-05-01
CVE-2023-22642 | Fortinet FortiManager trust management issue vulnerability | FortiAnalyzer | 6.8 | High | 2023-04-11
CVE-2023-28093 | Pegasystem Synchronization Engine trust management issue vulnerability | RPA: Synchronization Engine | 6.5 | - | 2023-04-10
CVE-2023-29000 | Nextcloud trust management issue vulnerability | security-advisories | 5.4 | Medium | 2023-04-04
CVE-2022-27644 | NETGEAR R6700v3 trust management issue vulnerability | R6700v3 | 8.1 | - | 2023-03-29
CVE-2021-21548 | Dell EMC Unisphere for PowerMax trust management issue vulnerability | Unisphere for PowerMax, Dell EMC Unisphere for PowerMax Virtual Appliance, PowerMax OS | 7.4 | High | 2023-03-17
CVE-2022-4895 | Hitachi Infrastructure Analytics Advisor trust management issue vulnerability | Hitachi Infrastructure Analytics Advisor | 8.6 | High | 2023-02-28
CVE-2022-39948 | Fortinet FortiOS trust management issue vulnerability | FortiProxy | 4.4 | Medium | 2023-02-16
CVE-2022-34404 | Dell System Update trust management issue vulnerability | System Update | 6.5 | Medium | 2023-02-10
CVE-2022-3913 | Rapid7 Nexpose trust management issue vulnerability | Nexpose | 5.3 | Medium | 2023-02-01
CVE-2022-45100 | Dell PowerScale OneFS trust management issue vulnerability | PowerScale OneFS | 8.1 | High | 2023-02-01
CVE-2022-32748 | Schneider Electric EcoStruxure Cybersecurity Admin Expert trust management issue vulnerability | EcoStruxure™ Cybersecurity Admin Expert (CAE) | 7.9 | High | 2023-01-30
CVE-2023-0509 | pyload trust management issue vulnerability | pyload/pyload | 7.4 | - | 2023-01-26
CVE-2022-32531 | Apache BookKeeper trust management issue vulnerability | Apache BookKeeper | 5.9 | - | 2022-12-15
CVE-2022-46153 | Containous Traefik trust management issue vulnerability | traefik | 8.1 | High | 2022-12-08

CWE-295 (Improper Certificate Validation) is a common weakness class; this platform has catalogued 502 CVE entries associated with it.