Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 do not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Serf Security Vulnerability
Vulnerability Description
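Serf is a service discovery and orchestration solution. It supports detecting failed nodes, adding load balancers, and so on. A security vulnerability exists in the 'serf_ssl_cert_issuer', 'serf_ssl_cert_subject', and 'serf_ssl_cert_certificate' functions in Serf versions 0.2.0 through 1.3.x before 1.3.7. The vulnerability stems from the program not correctly handling NUL bytes in the domain name in the Common Name (CN) field of an X.509 certificate. An attacker can exploit this vulnerability with a crafted certificate to carry out man-in-the-middle attacks, forge data, and spoof arbitrary SSL servers.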
CVSS Information
N/A
Vulnerability Type
N/A