CVE

CVE-2015-7575
Date: (C)2016-02-11   (M)2018-02-19


Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

CVSS V3 Severity:
CVSS Score: 5.9
Exploit Score: 2.2
Impact Score: 3.6

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

CVSS V2 Severity:
CVSS Score: 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  





Reference:
SECTRACK-1034541
SECTRACK-1036467
BID-79684
BID-91787
DSA-3436
DSA-3437
DSA-3457
DSA-3458
DSA-3465
DSA-3491
DSA-3688
GLSA-201701-46
GLSA-201706-18
GLSA-201801-15
RHSA-2016:0049
RHSA-2016:0050
RHSA-2016:0053
RHSA-2016:0054
RHSA-2016:0055
RHSA-2016:0056
RHSA-2016:1430
SUSE-SU-2016:0256
SUSE-SU-2016:0265
SUSE-SU-2016:0269
USN-2863-1
USN-2864-1
USN-2865-1
USN-2866-1
USN-2884-1
USN-2904-1
http://www.mozilla.org/security/announce/2015/mfsa2015-150.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1158489
https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes
https://security.netapp.com/advisory/ntap-20160225-0001/
openSUSE-SU-2015:2405
openSUSE-SU-2016:0007
openSUSE-SU-2016:0161
openSUSE-SU-2016:0162
openSUSE-SU-2016:0263
openSUSE-SU-2016:0268
openSUSE-SU-2016:0270
openSUSE-SU-2016:0272
openSUSE-SU-2016:0279
openSUSE-SU-2016:0307
openSUSE-SU-2016:0308
openSUSE-SU-2016:0488
openSUSE-SU-2016:0605

CPE    19
cpe:/a:mozilla:network_security_services:3.20.1
cpe:/o:canonical:ubuntu_linux:15.04
cpe:/o:novell:opensuse:13.2
cpe:/a:mozilla:firefox_esr:38.0
...
CWE    1
CWE-19
OVAL    59
oval:org.secpod.oval:def:1501463
oval:org.secpod.oval:def:1600361
oval:org.secpod.oval:def:1600362
oval:org.secpod.oval:def:602334
...

© 2013 SecPod Technologies