CVE-2013-1740

描述

The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.

受影響套件(1)

• Debian/nssfrom 0, < 2:3.15.4-1

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-1740