Lucene search

PRIOn knowledge basePRION:CVE-2014-1295

HistoryApr 23, 2014 - 11:52 a.m.

Design/Logic Flaw

2014-04-2311:52:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.6%

JSON

Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server’s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a “triple handshake attack.”

CPENameOperatorVersion
iphone_oseq7.0.4
iphone_osle7.1
iphone_oseq7.0.5
iphone_oseq7.0.6
iphone_oseq7.0.1
iphone_oseq7.0.2
iphone_oseq7.0
iphone_oseq7.0.3
mac_os_xeq10.9.2
mac_os_xeq10.9

Name	Operator	Version
iphone_os	eq	7.0.4
iphone_os	le	7.1
iphone_os	eq	7.0.5
iphone_os	eq	7.0.6
iphone_os	eq	7.0.1
iphone_os	eq	7.0.2
iphone_os	eq	7.0
iphone_os	eq	7.0.3
mac_os_x	eq	10.9.2
mac_os_x	eq	10.9

Rows per page:

1-10 of 221

References

archives.neohapsis.com/archives/bugtraq/2014-04/0134.html

archives.neohapsis.com/archives/bugtraq/2014-04/0135.html

archives.neohapsis.com/archives/bugtraq/2014-04/0136.html

secure-resumption.com/

5.4 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.6%

JSON

Related for PRION:CVE-2014-1295