NVD

Id
41556  
Name
CVE-2013-6628  
Description
net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server"s X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers to interfere with trust relationships by renegotiating a session.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-18  
Published
2013-11-13  
Modified Date
2014-04-24  
Seq
2013-6628  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
210084 41556 CVE-2013-6628 http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html  View
210085 41556 CVE-2013-6628 openSUSE-SU-2013:1776  View
210086 41556 CVE-2013-6628 openSUSE-SU-2013:1777  View
210087 41556 CVE-2013-6628 openSUSE-SU-2013:1861  View
210088 41556 CVE-2013-6628 openSUSE-SU-2014:0065  View
210089 41556 CVE-2013-6628 oval:org.mitre.oval:def:19108  View
210090 41556 CVE-2013-6628 DSA-2799  View
210091 41556 CVE-2013-6628 https://code.google.com/p/chromium/issues/detail?id=306959  View
210092 41556 CVE-2013-6628 https://secure-resumption.com/  View
210093 41556 CVE-2013-6628 https://src.chromium.org/viewvc/chrome?revision=229611&view=revision  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
23544 JVNDB-2013-005119 Google Chrome の TLS の実装の net/socket/ssl_client_socket_nss.cc における信頼関係を妨げられる脆弱性 Google Chrome の TLS の実装の net/socket/ssl_client_socket_nss.cc は、サーバの X.509 証明書が、再ネゴシエーション前を再ネゴシエーション中と同じであることを保証しないため、信頼関係を妨げられる脆弱性が存在します。 CVE-2013-6628 66570 CVE-2013-6628 41556 4.3 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-005119.html 2013-11-12 2013-11-15 View