Описание
net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 31.0.1650.63-0ubuntu1~20131204.1 |
| lucid | ignored | end of life |
| precise | released | 31.0.1650.63-0ubuntu0.12.04.1~20131204.1 |
| quantal | released | 31.0.1650.63-0ubuntu0.12.10.1~20131204.1 |
| raring | released | 31.0.1650.63-0ubuntu0.13.04.1~20131204.1 |
| saucy | released | 31.0.1650.63-0ubuntu0.13.10.1~20131204.1 |
| upstream | released | 31.0.1650.48 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session.
net/socket/ssl_client_socket_nss.cc in the TLS implementation in Googl ...
net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session.
EPSS
4.3 Medium
CVSS2