Nmap Development mailing list archives

[NSE] ssl-ccs-injection CVE correction

From: Evan Hutchinson <me () evanhutchinson ca>
Date: Fri, 05 Sep 2014 20:15:50 -0500

The script description references the wrong CVE number.

Patch against revision 33654 follows:

Index: scripts/ssl-ccs-injection.nse
===================================================================
--- scripts/ssl-ccs-injection.nse    (revision 33654)
+++ scripts/ssl-ccs-injection.nse    (working copy)
@@ -14,7 +14,7 @@
 
 description = [[
 Detects whether a server is vulnerable to the SSL/TLS "CCS Injection"
-vulnerability (CVE-2014-0160), first discovered by Masashi Kikuchi.
+vulnerability (CVE-2014-0224), first discovered by Masashi Kikuchi.
 The script is based on the ccsinjection.c code authored by Ramon de C Valle
 (https://gist.github.com/rcvalle/71f4b027d61a78c42607)

Attachment: ssl-ccs-cvs-number.patch
Description:

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] ssl-ccs-injection CVE correction Evan Hutchinson (Sep 05)
- Re: [NSE] ssl-ccs-injection CVE correction Daniel Miller (Sep 05)