CVE-2014-3607: Hostname verification susceptible to MITM attack
The implementation this package used to check that the server hostname matches the domain name in the subject’s CN field was flawed. This can be exploited in a man-in-the-middle (MITM) attack, in which the attacker spoofs a valid certificate using a specially crafted subject.
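An added illustration, not code from the affected package: the advisory does not say how the check was flawed, so this sketch assumes one way a CN check can be fooled by a crafted subject, namely pattern-matching `CN=` in the DN string, and sets it beside a parser that honours escaping and quoting. The subject string, hostnames and function names are constructed for the example.

```python
import re

# Constructed sample subject in RFC 4514 string form. The O value contains an
# escaped comma, so "CN=ldap.example.org" is part of O, not a CN attribute.
SUBJECT = r"CN=other.example,O=Acme\, CN=ldap.example.org,C=US"

def naive_cns(subject):
    """Flawed (assumed defect): pattern-match 'CN=' anywhere in the DN string."""
    return [m.strip() for m in re.findall(r"CN=([^,]+)", subject)]

def split_unescaped(text, seps):
    """Split on separator characters that are neither escaped nor quoted."""
    parts, buf, escaped, quoted = [], [], False, False
    for ch in text:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == '"':
            buf.append(ch)
            quoted = not quoted
        elif ch in seps and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts

def _unescape(match):
    """Decode '\\,' style escapes and single-byte hex pairs such as '\\2C'."""
    tok = match.group(1)
    return chr(int(tok, 16)) if len(tok) == 2 else tok

def strict_cns(subject):
    """Return values only of attributes whose type really is CN."""
    cns = []
    for ava in split_unescaped(subject, ",+"):
        attr_type, _, value = ava.partition("=")
        if attr_type.strip().upper() == "CN":
            value = value.strip().strip('"')
            cns.append(re.sub(r"\\([0-9A-Fa-f]{2}|.)", _unescape, value))
    return cns

def hostname_matches(hostname, subject, extract):
    """Case-insensitive exact match of hostname against the extracted CNs."""
    return hostname.lower() in (cn.lower() for cn in extract(subject))
```

With the sample subject, the naive extractor accepts `ldap.example.org` even though the certificate's only CN is `other.example`; the strict extractor rejects it.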