CVE-2015-7575
Date: (C)2016-02-11   (M)2024-03-27


Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 5.9
Exploit Score: 2.2
Impact Score: 3.6

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

CVSS V2 Severity:
CVSS Score: 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:
SECTRACK-1034541
SECTRACK-1036467
BID-79684
BID-91787
DSA-3436
DSA-3437
DSA-3457
DSA-3458
DSA-3465
DSA-3491
DSA-3688
GLSA-201701-46
GLSA-201706-18
GLSA-201801-15
RHSA-2016:0049
RHSA-2016:0050
RHSA-2016:0053
RHSA-2016:0054
RHSA-2016:0055
RHSA-2016:0056
RHSA-2016:1430
SUSE-SU-2016:0256
SUSE-SU-2016:0265
SUSE-SU-2016:0269
USN-2863-1
USN-2864-1
USN-2865-1
USN-2866-1
USN-2884-1
USN-2904-1
http://www.mozilla.org/security/announce/2015/mfsa2015-150.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1158489
https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes
https://security.netapp.com/advisory/ntap-20160225-0001/
openSUSE-SU-2015:2405
openSUSE-SU-2016:0007
openSUSE-SU-2016:0161
openSUSE-SU-2016:0162
openSUSE-SU-2016:0263
openSUSE-SU-2016:0268
openSUSE-SU-2016:0270
openSUSE-SU-2016:0272
openSUSE-SU-2016:0279
openSUSE-SU-2016:0307
openSUSE-SU-2016:0308
openSUSE-SU-2016:0488
openSUSE-SU-2016:0605

CPE    19
cpe:/a:mozilla:firefox_esr:38.0
cpe:/a:mozilla:firefox_esr:38.2.0
cpe:/a:mozilla:firefox_esr:38.0.1
cpe:/o:canonical:ubuntu_linux:15.10
...
CWE    1
CWE-19
OVAL    71
oval:org.secpod.oval:def:1600361
oval:org.secpod.oval:def:1600362
oval:org.secpod.oval:def:602334
oval:org.secpod.oval:def:52671
...

© SecPod Technologies