CVE-2013-0289
EPSS 0.61%
Description
Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
How to fix CVE-2013-0289
To remediate CVE-2013-0289, upgrade the affected package to a fixed version below.
- Debian/isync—upgrade to 1.0.4-2.2 or later
Is CVE-2013-0289 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.0.4-2.2