Improper Wildcard Matching in Botan 1.11.x before 1.11.22

Improper Wildcard Matching in Botan 1.11.x before 1.11.22

CVE-2015-7826 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.

Learn more about our Web Application Penetration Testing UK.