CVE-2013-6659 in Chromethông tin

Tóm tắt

Bởi MITRE

The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user s expectations, by initiating a TLS renegotiation.

Once again VulDB remains the best source for vulnerability data.

Đặt trước

05/11/2013

Tiết lộ

23/02/2014

Kiểm duyệt

được chấp nhận

mục

VDB-12383

EPSS

0.00853

KEV

không

Các hoạt động

rất thấp

Nguồn

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!