CVE-2013-0945

EMC Avamar Client <6.1.101-89 - Man-in-the-middle

Title source: llm

Description

EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

References (1)

Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-05/0014.html

Scores

EPSS 0.0021
EPSS Percentile 42.9%

Details

CWE
CWE-20
Status published
Products (7)
emc/avamar 4.0
emc/avamar 4.1
emc/avamar 5.0 (3 CPE variants)
emc/avamar 5.0.0-407
emc/avamar 5.0.4-26
emc/avamar 6.0
emc/avamar < 6.1.101-87
Published May 03, 2013
Tracked Since Feb 18, 2026