CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-10-06T15:00:00
Updated: 2024-08-06T10:28:46.292Z
Reserved: 2014-04-18T00:00:00
Link: CVE-2014-2903
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-10-06T15:29:00.297
Modified: 2024-11-21T02:07:10.253
Link: CVE-2014-2903
Redhat
No data.