
CWE-295 Improper Certificate Validation: vulnerability list (517)

A summary of the 517 CVE entries associated with the CWE-295 Improper Certificate Validation weakness class, with AI-generated Chinese analysis.

CWE-295 covers improper certificate validation: the software does not correctly verify the validity or integrity of a digital certificate. Attackers commonly exploit this flaw to mount man-in-the-middle attacks, presenting a forged certificate to intercept and tamper with the communication, steal sensitive data or inject malicious code. Developers should strictly validate the certificate chain, the hostname match and the validity period, disable weak algorithms, and enable certificate pinning, so that the transport layer is protected against impersonation and data leakage.

MITRE CWE official description
CWE-295 Improper Certificate Validation: The product does not validate, or incorrectly validates, a certificate.
Common consequences (1)
Scope: Integrity, Authentication. Impact: Bypass Protection Mechanism; Gain Privileges or Assume Identity.
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting s…
Potential mitigations (2)
Phase: Architecture and Design, Implementation. Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Phase: Implementation. If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Demonstrative examples (2)
This code checks the certificate of a connected peer.

    if ((cert = SSL_get_peer_certificate(ssl)) && host)
        foo = SSL_get_verify_result(ssl);
    /* Defect: a self-signed certificate anywhere in the chain is accepted as
       a valid verification result, and the certificate is never compared
       against host, so any certificate presented by the peer "looks good". */
    if ((X509_V_OK == foo) || (X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN == foo))
        // certificate looks good, host can be trusted

Bad · C
The following OpenSSL code obtains a certificate and verifies it.

    cert = SSL_get_peer_certificate(ssl);
    /* Defect: only the chain result is checked; the certificate's subject or
       subjectAltName is never matched against the intended hostname. */
    if (cert && (SSL_get_verify_result(ssl) == X509_V_OK)) {
        // do secret things
    }

Bad · C
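Both MITRE samples above either accept a flawed chain or skip the hostname check. The following is an added example, not code from this page or from MITRE: the Python standard-library `ssl` counterpart of that mistake next to the hardened client configuration, together with the hostname-match and certificate-pin checks named in the description above. The peer certificate dict and the DER bytes are constructed samples, and the explicit `hostname_matches` function only spells out what a context with `check_hostname=True` already enforces.

```python
import hashlib
import hmac
import ssl

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_PEER_CERT = {
    "subjectAltName": (("DNS", "example.test"), ("DNS", "*.api.example.test")),
}
# Constructed stand-in for getpeercert(binary_form=True); a real pin is the SHA-256
# of the DER certificate (or its SPKI) recorded out of band, never learned at runtime.
SAMPLE_DER = b"constructed-der-certificate-bytes"
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER).hexdigest()

def insecure_client_context():
    """Counterpart of the bad C above: chain errors and hostname mismatches are ignored."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def hardened_client_context():
    """Chain verified against the system trust store, hostname checked, TLS < 1.2 refused."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True + default CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def context_is_safe(ctx):
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname

def hostname_matches(cert, hostname):
    """What check_hostname=True enforces: the hostname must match a DNS subjectAltName.
    CN is ignored; a wildcard is honoured only as the entire leftmost label."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host:
            return True
        if pattern.startswith("*.") and "*" not in pattern[2:]:
            labels = host.split(".")
            # exactly one label replaces the '*', and never on a two-label name
            if len(labels) >= 3 and ".".join(labels[1:]) == pattern[2:]:
                return True
    return False

def pin_matches(peer_der, expected_sha256_hex):
    """Certificate pinning: constant-time compare of the DER certificate's SHA-256."""
    return hmac.compare_digest(hashlib.sha256(peer_der).hexdigest(), expected_sha256_hex.lower())
```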
CVE ID | Title | Affected product | CVSS | Risk level | Published
CVE-2019-1948 | Cisco Webex Meetings Mobile trust management issue vulnerability | Cisco WebEx Meetings for iOS | 5.9 | - | 2019-08-21
CVE-2019-3890 | Evolution EWS trust management issue vulnerability | evolution-ews | 6.5 | - | 2019-08-01
CVE-2019-7615 | Elasticsearch Elastic APM agent for Ruby trust management issue vulnerability | Elastic APM agent for Ruby | 7.4 | - | 2019-07-30
CVE-2019-1010275 | helm trust management issue vulnerability | helm | 9.1 | - | 2019-07-17
CVE-2018-5408 | PrinterLogic Print Management trust management issue vulnerability | Management Software | 7.4 | - | 2019-05-08
CVE-2019-1590 | Cisco Nexus 9000 Series Switch trust management issue vulnerability | Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode | 8.1 | - | 2019-05-03
CVE-2019-1757 | Cisco IOS and IOS XE trust management issue vulnerability | Cisco IOS and IOS XE Software | 5.9 | - | 2019-03-28
CVE-2019-1748 | Cisco IOS and IOS XE Cisco Network Plug-and-Play agent trust management issue vulnerability | Cisco IOS and IOS XE Software | 7.4 | - | 2019-03-27
CVE-2019-3814 | Dovecot trust management issue vulnerability | dovecot | 5.3 | - | 2019-03-27
CVE-2019-3841 | kubevirt containerized data importer security vulnerability | kubevirt/virt-cdi-importer | 5.9 | - | 2019-03-25
CVE-2019-3777 | Pivotal Software Pivotal Application Service trust management issue vulnerability | Apps Manager | 9.1 | - | 2019-03-07
CVE-2019-1683 | Cisco SPA112, SPA525 and SPA5X5 Series trust management issue vulnerability | Cisco Small Business SPA500 Series IP Phones | 7.4 | - | 2019-02-25
CVE-2019-1659 | Cisco Prime Infrastructure Software trust management issue vulnerability | Cisco Prime Infrastructure | 4.0 | - | 2019-02-21
CVE-2018-0434 | Cisco SD-WAN Solution security vulnerability | Cisco SD-WAN Solution | 7.4 | - | 2018-10-05
CVE-2016-7075 | Red Hat OpenShift Enterprise trust management issue vulnerability | OpenShift | 9.8 | - | 2018-09-10
CVE-2017-7513 | Red Hat Satellite security vulnerability | Red Hat Satellite | 4.2 | - | 2018-08-22
CVE-2017-13105 | Hi Security Virus Cleaner-Antivirus, Booster for Android security vulnerability | Virus Cleaner - Antivirus, Booster | 5.9 | - | 2018-08-15
CVE-2017-2648 | CloudBees Jenkins SSH Slaves plugin security vulnerability | jenkins-ssh-slaves-plugin | 5.6 | - | 2018-07-27
CVE-2017-2649 | CloudBees Jenkins Active Directory plugin security vulnerability | Active Directory Jenkins plugin | 8.1 | - | 2018-07-27
CVE-2017-2629 | Haxx curl and libcurl security vulnerability | curl | 5.9 | - | 2018-07-27
CVE-2017-2623 | rpm-ostree and rpm-ostree-client security vulnerability | rpm-ostree, | 5.3 | - | 2018-07-27
CVE-2017-2639 | Red Hat CloudForms security vulnerability | CloudForms | 7.5 | - | 2018-07-27
CVE-2017-7562 | MIT krb5 trust management issue vulnerability | krb5 | 6.5 | - | 2018-07-26
CVE-2017-3182 | ThreatMetrix SDK for iOS security vulnerability | SDK | 6.8 | - | 2018-07-24
CVE-2017-7468 | Haxx curl/libcurl security vulnerability | curl | 9.1 | - | 2018-07-16
CVE-2016-6562 | Shoretel Mobility Client security vulnerability | Mobility Client iOS | 5.3 | - | 2018-07-13
CVE-2018-0334 | Cisco AnyConnect Network Access Manager and AnyConnect Secure Mobility Client security feature issue vulnerability | Cisco AnyConnect Secure Mobility Client unknown | 8.2 | - | 2018-06-07
CVE-2016-10534 | electron-packager security vulnerability | electron-packager node module | 5.9 | - | 2018-05-31
CVE-2018-0277 | Cisco Identity Services Engine security vulnerability | Cisco Identity Services Engine | 8.6 | - | 2018-05-17
CVE-2018-4849 | Siemens Siveillance VMS Video for Android and iOS security vulnerability | Siveillance VMS Video for Android, Siveillance VMS Video for iOS | 7.4 | - | 2018-05-03

CWE-295 (Improper Certificate Validation) is a common weakness class; this platform has collected 517 CVE entries associated with it.