Описание
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0.
Ссылки
- ExploitThird Party Advisory
- Issue TrackingThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Issue TrackingThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.0.2 (включая) до 2.0.6 (включая)
cpe:2.3:a:yaws:yaws:*:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.00113
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-326
Связанные уязвимости
CVSS3: 5.5
ubuntu
больше 5 лет назад
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0.
CVSS3: 5.5
debian
больше 5 лет назад
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ...
CVSS3: 5.5
github
больше 3 лет назад
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks.
EPSS
Процентиль: 30%
0.00113
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-326