CVE-2014-1771
SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "TLS Server Certificate Renegotiation Vulnerability."
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.1342 (13.4%)
Percentil: 94.2%
EPSS: 2026-05-06
Afecta
microsoft:internet_explorerDescripción técnica
SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "TLS Server Certificate Renegotiation Vulnerability."
Publicada: 11/6/2014, 4:56:16
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://www.securityfocus.com/bid/67861
- http://www.securitytracker.com/id/1030370
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035
- https://secure-resumption.com/
- http://www.securityfocus.com/bid/67861
- http://www.securitytracker.com/id/1030370
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035
- https://secure-resumption.com/