- Home
- CVEs with oval.description==The+TLS+protocol%2C+and+the+SSL+protocol+3.0+and+possibly+earlier%2C+as+used+in+Microsoft+Internet+Information+Services+%28IIS%29+7.0%2C+mod_ssl+in+the+Apache+HTTP+Server+2.2.14+and+earlier%2C+OpenSSL+before+0.9.8l%2C+GnuTLS+2.8.5+and+earlier%2C+Mozilla+Network+Security+Services+%28NSS%29+3.12.4+and+earlier%2C+multiple+Cisco+products%2C+and+other+products%2C+does+not+properly+associate+renegotiation+handshakes+with+an+existing+connection%2C+which+allows+man-in-the-middle+attackers+to+insert+data+into+HTTPS+sessions%2C+and+possibly+other+types+of+sessions+protected+by+TLS+or+SSL%2C+by+sending+an+unauthenticated+request+that+is+processed+retroactively+by+a+server+in+a+post-renegotiation+context%2C+related+to+a+%22plaintext+injection%22+attack%2C+aka+the+%22Project+Mogul%22+issue
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top