CVE-2012-6086

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2012-6086

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2012-6086.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2012-6086

Downstream

DEBIAN-CVE-2012-6086

Published

2014-01-29T18:55:26Z

Modified

2026-04-10T03:42:33.219688Z

Summary

[none]

Details

libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPTSSLVERIFYHOST option for libcurl, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

References

http://www.securityfocus.com/bid/57103
https://support.zabbix.com/browse/ZBX-5924
http://www.openwall.com/lists/oss-security/2013/01/03/1

CVE-2012-6086

Affected packages