CVE-2020-12872

Published May 15th, 2020

View on NVD ↗

CVSS v3

5.5

MEDIUM

CVSS v2

2.1

LOW

Affected

PROJECT

Description

yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0.

erlyaws/yaws

Yaws webserver

GitHub

1.31K