Nmap Development mailing list archives
Re: [NSE] ssl-ccs-injection CVE correction
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 5 Sep 2014 22:09:46 -0500
Evan, Thanks for catching that! It must have been a copy-and-paste error from ssl-heartbleed.nse. Fixed in r33655. Dan On Fri, Sep 5, 2014 at 8:15 PM, Evan Hutchinson <me () evanhutchinson ca> wrote:
The script description references the wrong CVE number. Patch against revision 33654 follows: Index: scripts/ssl-ccs-injection.nse =================================================================== --- scripts/ssl-ccs-injection.nse (revision 33654) +++ scripts/ssl-ccs-injection.nse (working copy) @@ -14,7 +14,7 @@ description = [[ Detects whether a server is vulnerable to the SSL/TLS "CCS Injection" -vulnerability (CVE-2014-0160), first discovered by Masashi Kikuchi. +vulnerability (CVE-2014-0224), first discovered by Masashi Kikuchi. The script is based on the ccsinjection.c code authored by Ramon de C Valle (https://gist.github.com/rcvalle/71f4b027d61a78c42607) _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] ssl-ccs-injection CVE correction Evan Hutchinson (Sep 05)
- Re: [NSE] ssl-ccs-injection CVE correction Daniel Miller (Sep 05)