Novell Home

CVE-2013-4508

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-4508 at MITRE

Description

lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.

NVD CVSS v2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entry: 849059

SUSE Security Advisories:

© 2014 Novell