Information disclosure in U - CVE-2016-6550
Published: October 5, 2016 / Updated: October 5, 2016
Vulnerability identifier: #VU768
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6550
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: BB&T
Affected software:
U
U
Detailed vulnerability description
The vulnerability allows a remote user to obtain potentially sensitive data on the target system.
The weakness is caused by incorrect verification of X.509 certificates from SSL servers. Via specially crafted certificate man-in-th-middle attackers can spoof servers and access important files.
Successful exploitation of the vulnerability leads to potentially sensitive information disclosure.
The weakness is caused by incorrect verification of X.509 certificates from SSL servers. Via specially crafted certificate man-in-th-middle attackers can spoof servers and access important files.
Successful exploitation of the vulnerability leads to potentially sensitive information disclosure.
How to mitigate CVE-2016-6550
Cybersecurity Help is currently unaware of any official patch, which addresses this vulnerability.