Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Microsoft Windows Cipher Suites For FalseStart MiTM Vulnerability (3155527)

Information

Severity

Severity

Medium

Family

Family

Windows

CVSSv2 Base

CVSSv2 Base

5.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

7 years ago

Modified

Modified

4 years ago

Summary

This host is missing a security update according to Microsoft Security Advisory 3155527

Insight

Insight

The flaw exists in FalseStart which allows the TLS client to send application data before receiving and verifying the server Finished message.

Affected Software

Affected Software

Microsoft Windows 8.1 x32/x64 Edition Microsoft Windows Server 2012/2012R2

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

The vendor has released updates. Please see the references for more information.