Lucene search
HistoryNov 24, 2014 - 3:59 p.m.
CVE-2014-8627
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.5
Confidence
Low
EPSS
0.003
Percentile
65.9%
PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
Affected configurations
Node
polarsslpolarsslMatch1.3.8
Related
nessus
nessus
PolarSSL Weak Signature Algorithm Negotiation
2015-01-07 00:00:00
Fedora 20 : polarssl-1.2.12-1.fc20 (2014-14898)
2014-11-24 00:00:00
openSUSE Security Update : polarssl (openSUSE-SU-2014:1457-1)
2014-11-20 00:00:00
cvelist
cvelist
CVE-2014-8627
2014-11-24 15:00:00
ubuntucve
ubuntucve
CVE-2014-8627
2014-11-24 00:00:00
prion
prion
Code injection
2014-11-24 15:59:00
cve
cve
CVE-2014-8627
2014-11-24 15:59:11
mageia
mageia
Updated polarssl package fix security vulnerabilities
2014-11-22 13:54:50
Updated polarssl & hiawatha packages fix security vulnerabilities
2015-05-05 16:36:50
archlinux
archlinux
polarssl: multiple issues
2014-11-06 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0481)
2022-01-28 00:00:00
Fedora Update for polarssl FEDORA-2014-14912
2014-11-23 00:00:00
Fedora Update for polarssl FEDORA-2014-14898
2014-11-23 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: polarssl-1.2.12-1.fc20
2014-11-22 12:45:21
[SECURITY] Fedora 19 Update: polarssl-1.2.12-1.fc19
2014-11-22 12:43:01
osv
osv
libmbedcrypto7-2.28.3-1.1 on GA media
2024-06-15 00:00:00
libmbedcrypto0-2.4.0-1.2 on GA media
2024-06-15 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.5
Confidence
Low
EPSS
0.003
Percentile
65.9%
Related for NVD:CVE-2014-8627