Lucene search

K

PRIOn knowledge basePRION:CVE-2014-1490

HistoryFeb 06, 2014 - 5:44 a.m.

Race condition

2014-02-0605:44:00

PRIOn knowledge base

www.prio-n.com

7

7.9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

85.5%

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

CPENameOperatorVersion
ubuntu_linuxeq13.10
ubuntu_linuxeq12.10
ubuntu_linuxeq12.04
debian_linuxeq7.0
fedoraeq20
fedoraeq19
firefoxlt27.0
firefox_esrlt24.3
network_security_serviceslt3.15.4
seamonkeylt2.24

Rows per page:

1-10 of 231

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html

lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html

lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

osvdb.org/102876

seclists.org/fulldisclosure/2014/Dec/23

secunia.com/advisories/56706

secunia.com/advisories/56767

secunia.com/advisories/56787

secunia.com/advisories/56858

secunia.com/advisories/56888

secunia.com/advisories/56922

www.debian.org/security/2014/dsa-2858

www.mozilla.org/security/announce/2014/mfsa2014-12.html

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/archive/1/534161/100/0/threaded

www.securityfocus.com/bid/65335

www.securitytracker.com/id/1029717

www.securitytracker.com/id/1029720

www.securitytracker.com/id/1029721

www.ubuntu.com/usn/USN-2102-1

www.ubuntu.com/usn/USN-2102-2

www.ubuntu.com/usn/USN-2119-1

www.vmware.com/security/advisories/VMSA-2014-0012.html

8pecxstudios.com/?page_id=44080

bugzilla.mozilla.org/show_bug.cgi?id=930857

bugzilla.mozilla.org/show_bug.cgi?id=930874

exchange.xforce.ibmcloud.com/vulnerabilities/90885

lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html

lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html

security.gentoo.org/glsa/201504-01

7.9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

85.5%

Related for PRION:CVE-2014-1490

seebug1 cve1 ubuntucve1 debiancve1 openvas36 mozilla1 nessus36 centos2 redhat3 oraclelinux2 f52 ibm4 veracode1 debian1 ubuntu3 suse6 freebsd1 securityvulns1 oracle4 gentoo1