Metric | Value |
---|---|
CVSS2 | 4.3 Medium |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
EPSS | 0.001 Low |
Percentile | 41.6% |
crypto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled,
allows man-in-the-middle attackers to spoof clients via unspecified
vectors.
Author | Note |
---|---|
mdeslaur | Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays. |
code.google.com/p/go/source/detail?r=eae0457c101512f59296538f0162749eba325892&name=release-branch.go1.3
groups.google.com/forum/#!msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ
launchpad.net/bugs/cve/CVE-2014-7189
nvd.nist.gov/vuln/detail/CVE-2014-7189
security-tracker.debian.org/tracker/CVE-2014-7189
www.cve.org/CVERecord?id=CVE-2014-7189