Security Advisory

CVE-2015-3996

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2015-10-27 16:00:00

Last updated 2024-08-06 06:04:02

Assigner mitre

State PUBLISHED

Description

The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subjects Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

← Browse all CVEs View on cve.org ↗