CVE-2014-7189

Public on 2014-10-07
Modified on 2014-11-01
Description

crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.

Severity
Medium
See what this means
CVSS v3 Base Score
4.3
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 golang 2014-10-28 17:15 ALAS-2014-437

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N
NVD CVSSv2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N