Lucene search

[email protected]NVD:CVE-2014-1490

HistoryFeb 06, 2014 - 5:44 a.m.

CVE-2014-1490

2014-02-0605:44:25

CWE-362

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.9%

JSON

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

Affected configurations

NVD

Node

mozillafirefoxRange<27.0

mozillafirefox_esrRange<24.3

mozillanetwork_security_servicesRange<3.15.4

mozillaseamonkeyRange<2.24

mozillathunderbirdRange<24.3.0

Node

oracleenterprise_manager_ops_centerRange<12.1.4

oracleenterprise_manager_ops_centerMatch12.2.0

oracleenterprise_manager_ops_centerMatch12.2.1

oracleenterprise_manager_ops_centerMatch12.3.0

oraclevm_serverMatch3.2x86

Node

fedoraprojectfedoraMatch19

fedoraprojectfedoraMatch20

Node

opensuseopensuseMatch11.4

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

suselinux_enterprise_desktopMatch11sp3

suselinux_enterprise_serverMatch11sp3

suselinux_enterprise_serverMatch11sp3vmware

suselinux_enterprise_software_development_kitMatch11sp3

Node

debiandebian_linuxMatch7.0

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.10

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html

lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html

lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html

lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html

lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

osvdb.org/102876

seclists.org/fulldisclosure/2014/Dec/23

secunia.com/advisories/56706

secunia.com/advisories/56767

secunia.com/advisories/56787

secunia.com/advisories/56858

secunia.com/advisories/56888

secunia.com/advisories/56922

www.debian.org/security/2014/dsa-2858

www.mozilla.org/security/announce/2014/mfsa2014-12.html

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/archive/1/534161/100/0/threaded

www.securityfocus.com/bid/65335

www.securitytracker.com/id/1029717

www.securitytracker.com/id/1029720

www.securitytracker.com/id/1029721

www.ubuntu.com/usn/USN-2102-1

www.ubuntu.com/usn/USN-2102-2

www.ubuntu.com/usn/USN-2119-1

www.vmware.com/security/advisories/VMSA-2014-0012.html

8pecxstudios.com/?page_id=44080

bugzilla.mozilla.org/show_bug.cgi?id=930857

bugzilla.mozilla.org/show_bug.cgi?id=930874

exchange.xforce.ibmcloud.com/vulnerabilities/90885

security.gentoo.org/glsa/201504-01

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.9%

JSON

Related for NVD:CVE-2014-1490

prion1 cvelist1 cve1 seebug1 ubuntucve1 debiancve1 mozilla1 openvas36 nessus37 redhat3 oraclelinux2 centos2 ibm4 veracode1 f52 debian1 ubuntu3 suse6 freebsd1 securityvulns1 oracle4 gentoo1