SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server’s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a “triple handshake attack,” aka “TLS Server Certificate Renegotiation Vulnerability.”
CPE | Name | Operator | Version |
---|---|---|---|
internet_explorer | eq | 10 | |
internet_explorer | eq | 8 | |
internet_explorer | eq | 7 | |
internet_explorer | eq | 11 | |
internet_explorer | eq | 6 | |
internet_explorer | eq | 9 |