How severe is CVE-2016-10536?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2016-10536?

This is classified as CWE-300, which is a common weakness in software security.

CVE-2016-10536 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the `rejectUnauthorized` setting. If the value is something that evaluates to false, certificate verification will be disabled. This is problematic as engine.io-client 1.6.8 and earlier passes in an object for settings that includes the rejectUnauthorized property, whether it has been set or not. If the value has not been explicitly changed, it will be passed in as `null`, resulting in certificate verification being turned off.

Related Vulnerabilities

CVE-2017-12697

MEDIUM

CVSS:5.9(Medium)

A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to intercept sensitive...

CWE-3002017

CVE-2017-15085

MEDIUM

CVSS:5.9(Medium)

It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.

CWE-3002017

CVE-2021-27768

MEDIUM

CVSS:5.9(Medium)

Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. In this specific scenario, th...

CWE-3002021

CVE-2021-31386

MEDIUM

CVSS:5.9(Medium)

A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the ...

CWE-3002021

CVE-2023-38272

MEDIUM

CVSS:5.9(Medium)

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 could allow a user with access to the network...

CWE-3002023

CVE-2023-4885

MEDIUM

CVSS:5.9(Medium)

Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information.

CWE-3002023