Man-in-the-Middle Attack via Crafted DNS PTR Records in POCO C++ Libraries

Man-in-the-Middle Attack via Crafted DNS PTR Records in POCO C++ Libraries

CVE-2014-0350 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.

Learn more about our Cis Benchmark Audit For Server Software.