Lucene search
GoogleOSV:GO-2021-0154HistoryMay 25, 2022 - 9:11 p.m.
Man-in-the-middle attack with SessionTicketsDisabled in crypto/tls
2022-05-2521:11:41
Google
osv.dev
7
When SessionTicketsDisabled is enabled, crypto/tls allowed man-in-the-middle attackers to spoof clients via unspecified vectors.
If the server enables TLS client authentication using certificates (this is rare) and explicitly sets SessionTicketsDisabled to true in the tls.Config, then a malicious client can falsely assert ownership of any client certificate it wishes.
Related
nessus
nessus
Fedora 19 : golang-1.3.3-1.fc19 (2014-11971)
2014-10-12 00:00:00
Amazon Linux AMI : golang (ALAS-2014-437)
2014-11-03 00:00:00
Fedora 20 : golang-1.3.3-1.fc20 (2014-12077)
2014-10-12 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: golang-1.3.3-1.fc21
2014-11-10 06:42:16
[SECURITY] Fedora 19 Update: golang-1.3.3-1.fc19
2014-10-11 07:03:24
[SECURITY] Fedora 20 Update: golang-1.3.3-1.fc20
2014-10-11 06:59:56
amazon
amazon
Medium: golang
2014-10-28 17:15:00
veracode
veracode
Man-in-the-Middle (MitM)
2017-05-03 05:22:07
openvas
openvas
Fedora Update for golang FEDORA-2014-11971
2014-10-12 00:00:00
Fedora Update for golang FEDORA-2014-12077
2014-10-12 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-437)
2015-09-08 00:00:00
ubuntucve
ubuntucve
CVE-2014-7189
2014-10-07 00:00:00
mageia
mageia
Updated golang packages fix CVE-2014-7189
2014-10-09 18:39:32
cvelist
cvelist
CVE-2014-7189
2014-10-07 14:00:00
prion
prion
Design/Logic Flaw
2014-10-07 14:55:00
cve
cve
CVE-2014-7189
2014-10-07 14:55:07
nvd
nvd
CVE-2014-7189
2014-10-07 14:55:07
ibm
ibm
WebSphere Application Server and IBM HTTP Server Security Bulletin List
2022-07-13 18:04:48