Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
BID:58136
Info
| Bugtraq ID: | 58136 |
| Class: | Design Error |
| CVE: | CVE-2013-0253 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 23 2013 12:00AM |
| Updated: | Apr 11 2013 10:48AM |
| Credit: | Graham Leggett |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Apache Maven and Maven Wagon are prone to a security-bypass vulnerability because they fail to properly validate SSL certificates from the server.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.
The following are vulnerable:
Apache Maven version 3.0.4
Apache Maven Wagon versions 2.1, 2.2, and 2.3
Exploit / POC
An attacker can use readily available network utilities to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References: