Lucene search

K
cve[email protected]CVE-2013-6659
HistoryFeb 24, 2014 - 4:48 a.m.

CVE-2013-6659

2014-02-2404:48:10
CWE-310
web.nvd.nist.gov
33
ssl
google chrome
cve-2013-6659
security vulnerability
tls renegotiation
x.509 certificate

6 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

47.7%

The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user’s expectations, by initiating a TLS renegotiation.

Affected configurations

NVD
Node
googlechromeRange33.0.1750.116
OR
googlechromeMatch33.0.1750.0
OR
googlechromeMatch33.0.1750.1
OR
googlechromeMatch33.0.1750.2
OR
googlechromeMatch33.0.1750.3
OR
googlechromeMatch33.0.1750.4
OR
googlechromeMatch33.0.1750.5
OR
googlechromeMatch33.0.1750.6
OR
googlechromeMatch33.0.1750.7
OR
googlechromeMatch33.0.1750.8
OR
googlechromeMatch33.0.1750.9
OR
googlechromeMatch33.0.1750.10
OR
googlechromeMatch33.0.1750.11
OR
googlechromeMatch33.0.1750.12
OR
googlechromeMatch33.0.1750.13
OR
googlechromeMatch33.0.1750.14
OR
googlechromeMatch33.0.1750.15
OR
googlechromeMatch33.0.1750.16
OR
googlechromeMatch33.0.1750.18
OR
googlechromeMatch33.0.1750.19
OR
googlechromeMatch33.0.1750.20
OR
googlechromeMatch33.0.1750.21
OR
googlechromeMatch33.0.1750.22
OR
googlechromeMatch33.0.1750.23
OR
googlechromeMatch33.0.1750.24
OR
googlechromeMatch33.0.1750.25
OR
googlechromeMatch33.0.1750.26
OR
googlechromeMatch33.0.1750.27
OR
googlechromeMatch33.0.1750.28
OR
googlechromeMatch33.0.1750.29
OR
googlechromeMatch33.0.1750.30
OR
googlechromeMatch33.0.1750.31
OR
googlechromeMatch33.0.1750.34
OR
googlechromeMatch33.0.1750.35
OR
googlechromeMatch33.0.1750.36
OR
googlechromeMatch33.0.1750.37
OR
googlechromeMatch33.0.1750.38
OR
googlechromeMatch33.0.1750.39
OR
googlechromeMatch33.0.1750.40
OR
googlechromeMatch33.0.1750.41
OR
googlechromeMatch33.0.1750.42
OR
googlechromeMatch33.0.1750.43
OR
googlechromeMatch33.0.1750.44
OR
googlechromeMatch33.0.1750.45
OR
googlechromeMatch33.0.1750.46
OR
googlechromeMatch33.0.1750.47
OR
googlechromeMatch33.0.1750.48
OR
googlechromeMatch33.0.1750.49
OR
googlechromeMatch33.0.1750.50
OR
googlechromeMatch33.0.1750.51
OR
googlechromeMatch33.0.1750.52
OR
googlechromeMatch33.0.1750.53
OR
googlechromeMatch33.0.1750.54
OR
googlechromeMatch33.0.1750.55
OR
googlechromeMatch33.0.1750.56
OR
googlechromeMatch33.0.1750.57
OR
googlechromeMatch33.0.1750.58
OR
googlechromeMatch33.0.1750.59
OR
googlechromeMatch33.0.1750.60
OR
googlechromeMatch33.0.1750.61
OR
googlechromeMatch33.0.1750.62
OR
googlechromeMatch33.0.1750.63
OR
googlechromeMatch33.0.1750.64
OR
googlechromeMatch33.0.1750.65
OR
googlechromeMatch33.0.1750.66
OR
googlechromeMatch33.0.1750.67
OR
googlechromeMatch33.0.1750.68
OR
googlechromeMatch33.0.1750.69
OR
googlechromeMatch33.0.1750.70
OR
googlechromeMatch33.0.1750.71
OR
googlechromeMatch33.0.1750.73
OR
googlechromeMatch33.0.1750.74
OR
googlechromeMatch33.0.1750.75
OR
googlechromeMatch33.0.1750.76
OR
googlechromeMatch33.0.1750.77
OR
googlechromeMatch33.0.1750.79
OR
googlechromeMatch33.0.1750.80
OR
googlechromeMatch33.0.1750.81
OR
googlechromeMatch33.0.1750.82
OR
googlechromeMatch33.0.1750.83
OR
googlechromeMatch33.0.1750.85
OR
googlechromeMatch33.0.1750.88
OR
googlechromeMatch33.0.1750.89
OR
googlechromeMatch33.0.1750.90
OR
googlechromeMatch33.0.1750.91
OR
googlechromeMatch33.0.1750.92
OR
googlechromeMatch33.0.1750.93
OR
googlechromeMatch33.0.1750.104
OR
googlechromeMatch33.0.1750.106
OR
googlechromeMatch33.0.1750.107
OR
googlechromeMatch33.0.1750.108
OR
googlechromeMatch33.0.1750.109
OR
googlechromeMatch33.0.1750.110
OR
googlechromeMatch33.0.1750.111
OR
googlechromeMatch33.0.1750.112
OR
googlechromeMatch33.0.1750.113
OR
googlechromeMatch33.0.1750.115

6 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

47.7%