VulnerableCode Vulnerability Details - VCID-vc6g-hwkh-aaas

Search for vulnerabilities

Vulnerability details: VCID-vc6g-hwkh-aaas

Essentials
Severities (0)
References (0)
Severity details (0)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-vc6g-hwkh-aaas
Aliases	VC-OPENSSL-20141015
Summary	OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade. Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE (CVE-2014-3566). See also https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 and https://www.openssl.org/~bodo/ssl-poodle.pdf
Status	Published
Exploitability	0.5
Weighted Severity	0.0
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
There are no known references.

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.