{"id":"CVE-2014-2903","details":"CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.","modified":"2026-04-10T03:44:39.259465Z","published":"2017-10-06T15:29:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/62604"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2014/04/18/2"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2014/04/18/2"},{"type":"REPORT","url":"http://secunia.com/advisories/62604"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}