Lucene search

[email protected]NVD:CVE-2014-1295

HistoryApr 23, 2014 - 11:52 a.m.

CVE-2014-1295

2014-04-2311:52:59

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.002

Percentile

59.5%

JSON

Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server’s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a “triple handshake attack.”

Affected configurations

Nvd

Node

appleiphone_osRange≤7.1

appleiphone_osMatch7.0

appleiphone_osMatch7.0.1

appleiphone_osMatch7.0.2

appleiphone_osMatch7.0.3

appleiphone_osMatch7.0.4

appleiphone_osMatch7.0.5

appleiphone_osMatch7.0.6

Node

applemac_os_xMatch10.9

applemac_os_xMatch10.9.1

applemac_os_xMatch10.9.2

Node

appletvosRange≤6.1

appletvosMatch6.0

appletvosMatch6.0.1

appletvosMatch6.0.2

Node

applemac_os_xMatch10.8.0

applemac_os_xMatch10.8.1

applemac_os_xMatch10.8.2

applemac_os_xMatch10.8.3

applemac_os_xMatch10.8.4

applemac_os_xMatch10.8.5

applemac_os_xMatch10.8.5supplemental_update

References

archives.neohapsis.com/archives/bugtraq/2014-04/0134.html

archives.neohapsis.com/archives/bugtraq/2014-04/0135.html

archives.neohapsis.com/archives/bugtraq/2014-04/0136.html

secure-resumption.com/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.002

Percentile

59.5%

JSON

Related for NVD:CVE-2014-1295

prion1 cve1 cvelist1 openvas2 securityvulns7 nessus2