← voltar
CVE-2014-1295

CVE-2014-1295

EPSS 0.9%
Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.htmlhttp://archives.neohapsis.com/archives/bugtraq/2014-04/0135.htmlhttp://archives.neohapsis.com/archives/bugtraq/2014-04/0136.htmlhttps://secure-resumption.com/