Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1771

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2014-1771
Last Modified 26 Jun 2014 12:48:33
Published 11 Jun 2014 12:56:16
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-1771

Summary

SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "TLS Server Certificate Renegotiation Vulnerability."

Vulnerable Systems

Application

  • Microsoft Internet Explorer 10

  • Microsoft Internet Explorer 11

  • Microsoft Internet Explorer 6

  • Microsoft Internet Explorer 7

  • Microsoft Internet Explorer 8

  • Microsoft Internet Explorer 9


References

MISC - https://secure-resumption.com/

MS - MS14-035

BID - 67861

SECTRACK - 1030370

Related Patches

MS14-035 Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 7 for Windows Vista (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 x64 (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 x64 (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 x64 (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 x64 (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 8 for Windows Vista x64 (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 7 for Windows Vista x64 (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 9 for Windows Vista x64 (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 6 for WEPOS and POSReady 2009 (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 8 for WEPOS and POSReady 2009 (KB2957689)

MS14-035 Cumulative Security Update for Internet Explorer 7 for WEPOS and POSReady 2009 (KB2957689)


Last Updated: 27 May 2016 11:05:38