← back
CVE-2006-4499

CVE-2006-4499

EPSS 0.7%
ModernBill 5.0.4 and earlier uses cURL with insecure settings for CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST that do not verify SSL certificates, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/21663http://www.justinsamuel.com/security-vulnerabilities/12/vulnerability-modernbill-insecure-curl-settings