Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] ssl-ccs-injection CVE correction

From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 5 Sep 2014 22:09:46 -0500
Evan,

Thanks for catching that! It must have been a copy-and-paste error from
ssl-heartbleed.nse. Fixed in r33655.

Dan


On Fri, Sep 5, 2014 at 8:15 PM, Evan Hutchinson <me () evanhutchinson ca>
wrote:


The script description references the wrong CVE number.

Patch against revision 33654 follows:

Index: scripts/ssl-ccs-injection.nse
===================================================================
--- scripts/ssl-ccs-injection.nse    (revision 33654)
+++ scripts/ssl-ccs-injection.nse    (working copy)
@@ -14,7 +14,7 @@

 description = [[
 Detects whether a server is vulnerable to the SSL/TLS "CCS Injection"
-vulnerability (CVE-2014-0160), first discovered by Masashi Kikuchi.
+vulnerability (CVE-2014-0224), first discovered by Masashi Kikuchi.
 The script is based on the ccsinjection.c code authored by Ramon de C
Valle
 (https://gist.github.com/rcvalle/71f4b027d61a78c42607)



_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: