CVE-2013-1740
published 2014-01-18CVE-2013-1740: The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled…
medium5.8CVSS 3.1
AVNACMAuNCPIPAN
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.
Affected
52 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nss | < nss 2:3.15.4-1 (bookworm) | nss 2:3.15.4-1 (bookworm) |
| mozilla | network_security_services | <= 3.15.3 | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
| mozilla | network_security_services | — | — |
CVSS provenance
nvd5.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:N
osv5.8MEDIUM