Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ProFTPD mod_tls模块CA SSL证书验证漏洞
Vulnerability Description
ProFTPD是一个Unix平台上或是类Unix平台上(如Linux, FreeBSD等)的FTP服务器程序。 ProFTPD mod_tls模块存在CA SSL证书验证漏洞。 由于ProFTPD的mod_tls模块没有正确地处理X.509证书subjectAltName中的空字符(\0),在处理包含有空字符的证书字段时错误地将空字符处理为截止字符。攻击者可以通过放入一个空字符在“subjectAltName”证书字段中,来欺骗服务商接受潜在的恶意的SSL证书。 ProFTPD 1.3.2b之前的版本会受
CVSS Information
N/A
Vulnerability Type
N/A