CVE-2014-1771
SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "TLS Server Certificate Renegotiation Vulnerability."
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.1342 (13.4%)
Percentile: 94.2%
EPSS: 2026-05-06
Affects
microsoft:internet_explorerTechnical description
SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "TLS Server Certificate Renegotiation Vulnerability."
Published: 6/11/2014, 4:56:16 AM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://www.securityfocus.com/bid/67861
- http://www.securitytracker.com/id/1030370
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035
- https://secure-resumption.com/
- http://www.securityfocus.com/bid/67861
- http://www.securitytracker.com/id/1030370
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035
- https://secure-resumption.com/