{"containers":{"cna":{"affected":[{"vendor":"OpenWRT","product":"OpenWRT","versions":[{"version":"OpenWrt 15.05.1, via wget (busybox)","status":"affected"},{"version":"OpenWrt 18.06.4, via wget (uclient-fetch)","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-295: Improper Certificate Validation","type":"CWE","cweId":"CWE-295"}]}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4,"baseSeverity":"MEDIUM"}}],"providerMetadata":{"orgId":"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b","shortName":"talos","dateUpdated":"2023-07-12T17:51:22.497Z"},"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893","name":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893"}],"credits":[{"lang":"en","value":"Discovered by Claudio Bozzato of Cisco Talos."}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T19:47:56.183Z"},"title":"CVE Program Container","references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893","name":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893","tags":["x_transferred"]}]}]},"cveMetadata":{"assignerOrgId":"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b","assignerShortName":"talos","cveId":"CVE-2019-5102","datePublished":"2019-11-18T17:59:30.000Z","dateReserved":"2019-01-04T00:00:00.000Z","dateUpdated":"2024-08-04T19:47:56.183Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}