CVE-2019-19270

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*
cpe:2.3:a:proftpd:proftpd:1.3.6:-:*:*:*:*:*:*
cpe:2.3:a:proftpd:proftpd:1.3.6:alpha:*:*:*:*:*:*
cpe:2.3:a:proftpd:proftpd:1.3.6:beta:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Information

Published : 2019-11-25 20:15

Updated : 2020-01-13 14:15


NVD link : CVE-2019-19270

Mitre link : CVE-2019-19270


JSON object : View

CWE
CWE-295

Improper Certificate Validation

Advertisement

dedicated server usa

Products Affected

fedoraproject

  • fedora

proftpd

  • proftpd