Security Advisory

CVE-2013-1740

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-01-18 22:00:00

Last updated 2024-08-06 15:13:32

Assigner mozilla

State PUBLISHED

Description

The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.

← Browse all CVEs View on cve.org ↗