PT-2016-6629 · Intel · Intel Crosswalk
Yakov Shafranovich
·
Publicado
2016-08-01
·
Atualizado
2018-10-09
·
CVE-2016-5672
CVSS v3.1
8.1
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Intel Crosswalk versions prior to 19.49.514.5
Intel Crosswalk versions 20.x prior to 20.50.533.11
Intel Crosswalk versions 21.x prior to 21.51.546.0
Intel Crosswalk versions 22.x prior to 22.51.549.0
Description
The issue allows man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate. This occurs because the software interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting.
Recommendations
For Intel Crosswalk versions prior to 19.49.514.5, update to version 19.49.514.5 or later.
For Intel Crosswalk versions 20.x prior to 20.50.533.11, update to version 20.50.533.11 or later.
For Intel Crosswalk versions 21.x prior to 21.51.546.0, update to version 21.51.546.0 or later.
For Intel Crosswalk versions 22.x prior to 22.51.549.0, update to version 22.51.549.0 or later.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Intel Crosswalk