[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2015-7575

Date: (C)2016-02-11   (M)2017-11-18 


Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

CVSS Score: 4.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: PARTIAL
 Availability: NONE





Reference:
SECTRACK-1034541
SECTRACK-1036467
BID-79684
BID-91787
DSA-3436
DSA-3437
DSA-3457
DSA-3458
DSA-3465
DSA-3491
DSA-3688
GLSA-201701-46
GLSA-201706-18
RHSA-2016:0049
RHSA-2016:0050
RHSA-2016:0053
RHSA-2016:0054
RHSA-2016:0055
RHSA-2016:0056
RHSA-2016:1430
SUSE-SU-2016:0256
SUSE-SU-2016:0265
SUSE-SU-2016:0269
USN-2863-1
USN-2864-1
USN-2865-1
USN-2866-1
USN-2884-1
USN-2904-1
http://www.mozilla.org/security/announce/2015/mfsa2015-150.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1158489
https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes
https://security.netapp.com/advisory/ntap-20160225-0001/
openSUSE-SU-2015:2405
openSUSE-SU-2016:0007
openSUSE-SU-2016:0161
openSUSE-SU-2016:0162
openSUSE-SU-2016:0263
openSUSE-SU-2016:0268
openSUSE-SU-2016:0270
openSUSE-SU-2016:0272
openSUSE-SU-2016:0279
openSUSE-SU-2016:0307
openSUSE-SU-2016:0308
openSUSE-SU-2016:0488
openSUSE-SU-2016:0605

CPE    19
cpe:/a:mozilla:firefox_esr:38.2.0
cpe:/a:mozilla:firefox_esr:38.0.1
cpe:/a:mozilla:firefox_esr:38.0.5
cpe:/a:mozilla:firefox_esr:38.2.1
...
CWE    1
CWE-19
OVAL    59
oval:org.secpod.oval:def:1600361
oval:org.secpod.oval:def:1600362
oval:org.secpod.oval:def:1600367
oval:org.secpod.oval:def:400624
...

© 2013 SecPod Technologies