Описание
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2:3.15.4-1ubuntu3 |
| lucid | released | 3.15.4-0ubuntu0.10.04.1 |
| precise | released | 3.15.4-0ubuntu0.12.04.1 |
| quantal | released | 3.15.4-0ubuntu0.12.10.1 |
| raring | ignored | end of life |
| saucy | released | 2:3.15.4-0ubuntu0.13.10.1 |
| upstream | released | 2:3.15.4-1 |
Показывать по
Ссылки на источники
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Net ...
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.
ELSA-2014-1246: nss and nspr security, bug fix, and enhancement update (MODERATE)
EPSS
5.8 Medium
CVSS2