Lucene search
HistoryFeb 24, 2014 - 4:48 a.m.
CVE-2013-6659
ssl
google chrome
cve-2013-6659
security vulnerability
tls renegotiation
x.509 certificate
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
47.7%
The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user’s expectations, by initiating a TLS renegotiation.
Affected configurations
Node
googlechromeRange≤33.0.1750.116
ORgooglechromeMatch33.0.1750.0
ORgooglechromeMatch33.0.1750.1
ORgooglechromeMatch33.0.1750.2
ORgooglechromeMatch33.0.1750.3
ORgooglechromeMatch33.0.1750.4
ORgooglechromeMatch33.0.1750.5
ORgooglechromeMatch33.0.1750.6
ORgooglechromeMatch33.0.1750.7
ORgooglechromeMatch33.0.1750.8
ORgooglechromeMatch33.0.1750.9
ORgooglechromeMatch33.0.1750.10
ORgooglechromeMatch33.0.1750.11
ORgooglechromeMatch33.0.1750.12
ORgooglechromeMatch33.0.1750.13
ORgooglechromeMatch33.0.1750.14
ORgooglechromeMatch33.0.1750.15
ORgooglechromeMatch33.0.1750.16
ORgooglechromeMatch33.0.1750.18
ORgooglechromeMatch33.0.1750.19
ORgooglechromeMatch33.0.1750.20
ORgooglechromeMatch33.0.1750.21
ORgooglechromeMatch33.0.1750.22
ORgooglechromeMatch33.0.1750.23
ORgooglechromeMatch33.0.1750.24
ORgooglechromeMatch33.0.1750.25
ORgooglechromeMatch33.0.1750.26
ORgooglechromeMatch33.0.1750.27
ORgooglechromeMatch33.0.1750.28
ORgooglechromeMatch33.0.1750.29
ORgooglechromeMatch33.0.1750.30
ORgooglechromeMatch33.0.1750.31
ORgooglechromeMatch33.0.1750.34
ORgooglechromeMatch33.0.1750.35
ORgooglechromeMatch33.0.1750.36
ORgooglechromeMatch33.0.1750.37
ORgooglechromeMatch33.0.1750.38
ORgooglechromeMatch33.0.1750.39
ORgooglechromeMatch33.0.1750.40
ORgooglechromeMatch33.0.1750.41
ORgooglechromeMatch33.0.1750.42
ORgooglechromeMatch33.0.1750.43
ORgooglechromeMatch33.0.1750.44
ORgooglechromeMatch33.0.1750.45
ORgooglechromeMatch33.0.1750.46
ORgooglechromeMatch33.0.1750.47
ORgooglechromeMatch33.0.1750.48
ORgooglechromeMatch33.0.1750.49
ORgooglechromeMatch33.0.1750.50
ORgooglechromeMatch33.0.1750.51
ORgooglechromeMatch33.0.1750.52
ORgooglechromeMatch33.0.1750.53
ORgooglechromeMatch33.0.1750.54
ORgooglechromeMatch33.0.1750.55
ORgooglechromeMatch33.0.1750.56
ORgooglechromeMatch33.0.1750.57
ORgooglechromeMatch33.0.1750.58
ORgooglechromeMatch33.0.1750.59
ORgooglechromeMatch33.0.1750.60
ORgooglechromeMatch33.0.1750.61
ORgooglechromeMatch33.0.1750.62
ORgooglechromeMatch33.0.1750.63
ORgooglechromeMatch33.0.1750.64
ORgooglechromeMatch33.0.1750.65
ORgooglechromeMatch33.0.1750.66
ORgooglechromeMatch33.0.1750.67
ORgooglechromeMatch33.0.1750.68
ORgooglechromeMatch33.0.1750.69
ORgooglechromeMatch33.0.1750.70
ORgooglechromeMatch33.0.1750.71
ORgooglechromeMatch33.0.1750.73
ORgooglechromeMatch33.0.1750.74
ORgooglechromeMatch33.0.1750.75
ORgooglechromeMatch33.0.1750.76
ORgooglechromeMatch33.0.1750.77
ORgooglechromeMatch33.0.1750.79
ORgooglechromeMatch33.0.1750.80
ORgooglechromeMatch33.0.1750.81
ORgooglechromeMatch33.0.1750.82
ORgooglechromeMatch33.0.1750.83
ORgooglechromeMatch33.0.1750.85
ORgooglechromeMatch33.0.1750.88
ORgooglechromeMatch33.0.1750.89
ORgooglechromeMatch33.0.1750.90
ORgooglechromeMatch33.0.1750.91
ORgooglechromeMatch33.0.1750.92
ORgooglechromeMatch33.0.1750.93
ORgooglechromeMatch33.0.1750.104
ORgooglechromeMatch33.0.1750.106
ORgooglechromeMatch33.0.1750.107
ORgooglechromeMatch33.0.1750.108
ORgooglechromeMatch33.0.1750.109
ORgooglechromeMatch33.0.1750.110
ORgooglechromeMatch33.0.1750.111
ORgooglechromeMatch33.0.1750.112
ORgooglechromeMatch33.0.1750.113
ORgooglechromeMatch33.0.1750.115
Related
prion
prion
Code injection
2014-02-24 04:48:00
ubuntucve
ubuntucve
CVE-2013-6659
2014-02-24 00:00:00
debiancve
debiancve
CVE-2013-6659
2014-02-24 04:48:00
nvd
nvd
CVE-2013-6659
2014-02-24 04:48:10
chrome
chrome
Stable Channel Update for Chrome OS
2014-02-24 00:00:00
Stable Channel Update
2014-02-20 00:00:00
cvelist
cvelist
CVE-2013-6659
2014-02-24 02:00:00
nessus
nessus
openSUSE Security Update : chromium (openSUSE-SU-2014:0327-1)
2014-06-13 00:00:00
Google Chrome < 33.0.1750.117 Multiple Vulnerabilities (Mac OS X)
2014-02-21 00:00:00
openvas
openvas
Google Chrome Multiple Vulnerabilities-02 (Feb 2014) - Mac OS X
2014-02-26 00:00:00
Google Chrome Multiple Vulnerabilities-02 (Feb 2014) - Linux
2014-02-26 00:00:00
Mageia: Security Advisory (MGASA-2014-0107)
2022-01-28 00:00:00
mageia
mageia
Updated chromium-browser-stable packages address multiple vulnerabilities
2014-02-28 02:07:50
threatpost
threatpost
Google Fixes 28 Security Flaws in Chrome 33
2014-02-20 14:13:49
seebug
seebug
Google Chrome 33.0.1750.117之前版本多个安全漏洞
2014-02-24 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2014-02-20 00:00:00
securityvulns
securityvulns
Chromium / Google Chrome multiple security vulnerabilities
2014-03-27 00:00:00
[SECURITY] [DSA 2883-1] chromium-browser security update
2014-03-25 00:00:00
debian
debian
[SECURITY] [DSA 2883-1] chromium-browser security update
2014-03-24 01:02:13
[SECURITY] [DSA 2883-1] chromium-browser security update
2014-03-24 01:02:13
osv
osv
chromium-browser - security update
2014-03-23 00:00:00
gentoo
gentoo
Chromium, V8: Multiple vulnerabilities
2014-03-05 00:00:00
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
47.7%
Related for CVE-2013-6659