Security Advisory

CVE-2013-7449

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2016-04-21 14:00:00

Last updated 2024-08-06 18:09:16

Assigner mitre

State PUBLISHED

Description

The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

← Browse all CVEs View on cve.org ↗