CVE-2014-8627

CVE-2014-8627

EPSS 2.1%

PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html http://secunia.com/advisories/61220 https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released