Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
POCO C++ Libraries 加密问题漏洞
Vulnerability Description
POCO C++ Libraries是奥地利软件开发者Gunter Obiltschnig所研发的一套C++的类库,它主要用以开发基于网络的可移植的应用程序,并提供线程、文件和流等功能。 POCO C++ Libraries 1.4.6p3及之前版本的NetSSL库中的‘Poco::Net::X509Certificate::verify’方法存在安全漏洞。攻击者可借助特制的DNS PTR记录利用该漏洞实施中间人攻击,欺骗SSL服务器。
CVSS Information
N/A
Vulnerability Type
N/A