CVE-2016-2850 in Botan

Summary

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

Reservation

03/06/2016

Disclosure

05/13/2016

Entries

1: VDB-87397

CPE

ready

CVSS

7.5

EPSS

0.00431

Activities

Very Low

Sources