Improper input validation in Git-scm Git
CVE-2013-0308
The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoo…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.012 (79.3rd percentile)
Affected products
- Git-scm Git
- N/a — versions n/a
Weakness classification (CWE)
References
- 1028205 (vdb-entry, x_refsource_SECTRACK)
- RHSA-2013:0589 (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- git-gitimapsend-spoofing(82329) (vdb-entry, x_refsource_XF)
- APPLE-SA-2013-09-18-3 (vendor-advisory, x_refsource_APPLE)
- 52361 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_MISC)
- [ANNOUNCE] 20130220 Git v1.8.1.4 (mailing-list, x_refsource_MLIST)