Description
The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user's expectations, by initiating a TLS renegotiation.
| Release | Status | Note |
|---|---|---|
| devel | released | 33.0.1750.152-0ubuntu1~pkg995.1 |
| lucid | ignored | end of life |
| precise | released | 33.0.1750.152-0ubuntu0.12.04.1~pkg879.1 |
| quantal | released | 33.0.1750.152-0ubuntu0.12.10.1~pkg895.1 |
| saucy | released | 33.0.1750.152-0ubuntu0.13.10.1~pkg984.1 |
| upstream | released | 33.0.1750.117 |
6.4 Medium
CVSS2