CVE-2014-7189
Published Oct 7, 2014
Last updated a year ago
Overview
- Description
- crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.
- Source
- security@ubuntu.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-264
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:go:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "750E9017-A820-4B5A-8698-FFC9D9F07A92"
},
{
"criteria": "cpe:2.3:a:golang:go:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F97AB44A-8AC8-4F8A-BC2B-86AC627ED9E3"
},
{
"criteria": "cpe:2.3:a:golang:go:1.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29C26C2D-3D7F-4C95-99AA-3AD52B12E645"
},
{
"criteria": "cpe:2.3:a:golang:go:1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A516E7F-5C7C-46F7-8B70-3AD38DC3B06E"
},
{
"criteria": "cpe:2.3:a:golang:go:1.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "274E14DB-3F64-4E9C-A8E0-BF3BC2E50CB1"
},
{
"criteria": "cpe:2.3:a:golang:go:1.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0CDD1E3E-0F6D-4036-A60C-8C43C0214480"
},
{
"criteria": "cpe:2.3:a:golang:go:1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2CF27ABB-BCF4-48F5-9BC4-42ABDA46ED7E"
},
{
"criteria": "cpe:2.3:a:golang:go:1.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2BF59C63-1CE7-404D-A8DE-C62728ABB633"
}
],
"operator": "OR"
}
]
}
]