CVE-2014-1771
Severity CVSS v4.0:
Pending analysis
Type:
CWE-310
Cryptographic Issues
Publication date:
11/06/2014
Last modified:
12/04/2025
Description
SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "TLS Server Certificate Renegotiation Vulnerability."
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:* | ||
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:* | ||
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:* | ||
cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:* | ||
cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:* | ||
cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/67861
- http://www.securitytracker.com/id/1030370
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035
- https://secure-resumption.com/
- http://www.securityfocus.com/bid/67861
- http://www.securitytracker.com/id/1030370
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035
- https://secure-resumption.com/