History log of /aoo41x/ext_libraries/serf/NULbytes.patch (Results 1 - 1 of 1)
Revision Date Author Comments
Revision tags: AOO4110-GA, AOO419-GA, AOO418-GA
# 5661f8d9 30-Sep-2020 Don Lewis

Fix handling of NUL characters in certificate fields

A flaw was found in the way Serf handled NUL characters in the CommonName
and SubjectAltNames fields of X.509 certificates. An attacker able to
get a carefully-crafted certificate signed by a trusted Certificate
Authority could trick applications using Serf (such as Subversion on
Fedora 20 and later, refer also to bug 1127063) into accepting it by
mistake, allowing the attacker to perform a man-in-the-middle attack.

Patch by: Ben Reser of WANdisco via Serf Project and Apache Serf
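
The class of flaw described in the commit message above, shown as an added example that is not code from Serf or from this patch: a decoded certificate name is a length-delimited byte string, and comparing it as a C string stops at the first NUL. The `name_field` struct, the function names and the sample names are hypothetical and constructed for illustration; matching is exact only (no wildcard or case folding).

```c
#include <stdio.h>
#include <string.h>

/* A certificate name field as it comes out of ASN.1 decoding:
 * raw bytes plus an explicit length, not a C string. */
struct name_field {
    const unsigned char *data;
    size_t len;
};

/* Constructed sample data (reserved example domains). */
static const unsigned char CRAFTED[] = "www.example.com\0.attacker.example";
static const unsigned char CLEAN[]   = "www.example.com";
static const struct name_field crafted = { CRAFTED, sizeof CRAFTED - 1 };
static const struct name_field clean   = { CLEAN,   sizeof CLEAN - 1 };

/* Flawed pattern: treats the field as a C string, so the comparison
 * ends at the first NUL byte and the rest of the name is ignored. */
static int naive_match(const struct name_field *f, const char *host)
{
    return strcmp((const char *)f->data, host) == 0;
}

/* Hardened pattern: a name containing a NUL byte is rejected outright,
 * and the comparison covers the full decoded length. */
static int strict_match(const struct name_field *f, const char *host)
{
    if (memchr(f->data, '\0', f->len) != NULL)
        return 0;   /* embedded NUL is never part of a valid host name */
    return strlen(host) == f->len && memcmp(f->data, host, f->len) == 0;
}

int main(void)
{
    const char *host = "www.example.com";
    printf("crafted name, naive check:  %d\n", naive_match(&crafted, host));
    printf("crafted name, strict check: %d\n", strict_match(&crafted, host));
    printf("clean name,   strict check: %d\n", strict_match(&clean, host));
    return 0;
}
```
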
