VDB
DEBIAN-CVE-2016-7099
DEBIAN-CVE-2016-7099
PUBLISHED
CVSS 5.900000095367432 MEDIUM
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Risk Scores
CVSS v3.0
5.900000095367432
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | nodejs | 0, 0, 0 |
| Debian:14 | nodejs | 0, 0, 0 |
| Debian:11 | nodejs | 0, 0, 0 |
| Debian:13 | nodejs | 0, 0, 0 |
Timeline
- Oct 10, 2016 CVE Published
- Apr 28, 2026 CVE Updated