5.8

CVE-2013-0013

The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 7 Editionx64
MicrosoftWindows 7 Editionx86
MicrosoftWindows 7 Updatesp1 Editionx64
MicrosoftWindows 7 Updatesp1 Editionx86
MicrosoftWindows 8 Version- Update- Editionx64
MicrosoftWindows 8 Version- Update- Editionx86
MicrosoftWindows Rt Version-
MicrosoftWindows Server 2008 Updater2 Editionitanium
MicrosoftWindows Server 2008 Updater2 Editionx64
MicrosoftWindows Server 2008 Updatesp2 Editionitanium
MicrosoftWindows Server 2008 Updatesp2 Editionx64
MicrosoftWindows Server 2008 Updatesp2 Editionx86
MicrosoftWindows Vista Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 15.83% 0.945
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
http://www.us-cert.gov/cas/techalerts/TA13-008A.html
Third Party Advisory
US Government Resource