NVD

Id
40105  
Name
CVE-2013-4508  
Description
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.  
Reject
 
CVSS Version
2  
CVSS Score
5.8  
Severity
Medium  
CVSS Base Score
5.8  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:N)  
Pub Date
2017-01-18  
Published
2013-11-07  
Modified Date
2016-12-07  
Seq
2013-4508  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
204043 40105 CVE-2013-4508 http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt  View
204044 40105 CVE-2013-4508 openSUSE-SU-2014:0072  View
204045 40105 CVE-2013-4508 HPSBGN03191  View
204046 40105 CVE-2013-4508 [oss-security] 20131104 Re: CVE Request: lighttpd using vulnerable cipher suites with SNI  View
204047 40105 CVE-2013-4508 http://redmine.lighttpd.net/issues/2525  View
204048 40105 CVE-2013-4508 http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2913/diff/  View
204049 40105 CVE-2013-4508 DSA-2795  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
23470 JVNDB-2013-005045 lighttpd におけるセッションをハイジャックされる脆弱性 lighttpd は、SNI が有効な場合、脆弱な SSL 暗号化方式を設定するため、セッションをハイジャックされる、または重要な情報を取得される脆弱性が存在します。 CVE-2013-4508 64450 CVE-2013-4508 40105 5.8 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-005045.html 2013-11-04 2013-11-11 View