Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2013-1740

Published: Jan 18, 2014 | Modified: Oct 09, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2013-1740
CWEhttps://cwe.mitre.org/data/definitions/310.html

The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.

Affected Software

Name Vendor Start Version End Version
Network_security_services Mozilla * 3.15.3 (including)
Network_security_services Mozilla 3.2 (including) 3.2 (including)
Network_security_services Mozilla 3.2.1 (including) 3.2.1 (including)
Network_security_services Mozilla 3.3 (including) 3.3 (including)
Network_security_services Mozilla 3.3.1 (including) 3.3.1 (including)
Network_security_services Mozilla 3.3.2 (including) 3.3.2 (including)
Network_security_services Mozilla 3.4 (including) 3.4 (including)
Network_security_services Mozilla 3.4.1 (including) 3.4.1 (including)
Network_security_services Mozilla 3.4.2 (including) 3.4.2 (including)
Network_security_services Mozilla 3.5 (including) 3.5 (including)
Network_security_services Mozilla 3.6 (including) 3.6 (including)
Network_security_services Mozilla 3.6.1 (including) 3.6.1 (including)
Network_security_services Mozilla 3.7 (including) 3.7 (including)
Network_security_services Mozilla 3.7.1 (including) 3.7.1 (including)
Network_security_services Mozilla 3.7.2 (including) 3.7.2 (including)
Network_security_services Mozilla 3.7.3 (including) 3.7.3 (including)
Network_security_services Mozilla 3.7.5 (including) 3.7.5 (including)
Network_security_services Mozilla 3.7.7 (including) 3.7.7 (including)
Network_security_services Mozilla 3.8 (including) 3.8 (including)
Network_security_services Mozilla 3.9 (including) 3.9 (including)
Network_security_services Mozilla 3.11.2 (including) 3.11.2 (including)
Network_security_services Mozilla 3.11.3 (including) 3.11.3 (including)
Network_security_services Mozilla 3.11.4 (including) 3.11.4 (including)
Network_security_services Mozilla 3.11.5 (including) 3.11.5 (including)
Network_security_services Mozilla 3.12 (including) 3.12 (including)
Network_security_services Mozilla 3.12.1 (including) 3.12.1 (including)
Network_security_services Mozilla 3.12.2 (including) 3.12.2 (including)
Network_security_services Mozilla 3.12.3 (including) 3.12.3 (including)
Network_security_services Mozilla 3.12.3.1 (including) 3.12.3.1 (including)
Network_security_services Mozilla 3.12.3.2 (including) 3.12.3.2 (including)
Network_security_services Mozilla 3.12.4 (including) 3.12.4 (including)
Network_security_services Mozilla 3.12.5 (including) 3.12.5 (including)
Network_security_services Mozilla 3.12.6 (including) 3.12.6 (including)
Network_security_services Mozilla 3.12.7 (including) 3.12.7 (including)
Network_security_services Mozilla 3.12.8 (including) 3.12.8 (including)
Network_security_services Mozilla 3.12.9 (including) 3.12.9 (including)
Network_security_services Mozilla 3.12.10 (including) 3.12.10 (including)
Network_security_services Mozilla 3.12.11 (including) 3.12.11 (including)
Network_security_services Mozilla 3.14 (including) 3.14 (including)
Network_security_services Mozilla 3.14.1 (including) 3.14.1 (including)
Network_security_services Mozilla 3.14.2 (including) 3.14.2 (including)
Network_security_services Mozilla 3.14.3 (including) 3.14.3 (including)
Network_security_services Mozilla 3.14.4 (including) 3.14.4 (including)
Network_security_services Mozilla 3.14.5 (including) 3.14.5 (including)
Network_security_services Mozilla 3.15 (including) 3.15 (including)
Network_security_services Mozilla 3.15.1 (including) 3.15.1 (including)
Network_security_services Mozilla 3.15.2 (including) 3.15.2 (including)
Red Hat Enterprise Linux 5 RedHat nss-0:3.16.1-2.el5 *
Red Hat Enterprise Linux 6 RedHat nspr-0:4.10.6-1.el6_5 *
Red Hat Enterprise Linux 6 RedHat nss-0:3.16.1-4.el6_5 *
Red Hat Enterprise Linux 6 RedHat nss-util-0:3.16.1-1.el6_5 *
Nss Ubuntu devel *
Nss Ubuntu lucid *
Nss Ubuntu precise *
Nss Ubuntu quantal *
Nss Ubuntu raring *
Nss Ubuntu saucy *
Nss Ubuntu upstream *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use