Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2015-7575

Published: Jan 09, 2016 | Modified: Oct 30, 2018
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
5.8 MODERATE
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V3
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2015-7575
CWEhttps://cwe.mitre.org/data/definitions/19.html

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

Affected Software

Name Vendor Start Version End Version
Network_security_services Mozilla * 3.20.1 (including)
Firefox Ubuntu artful *
Firefox Ubuntu bionic *
Firefox Ubuntu cosmic *
Firefox Ubuntu devel *
Firefox Ubuntu disco *
Firefox Ubuntu precise *
Firefox Ubuntu trusty *
Firefox Ubuntu upstream *
Firefox Ubuntu vivid *
Firefox Ubuntu wily *
Firefox Ubuntu xenial *
Firefox Ubuntu yakkety *
Firefox Ubuntu zesty *
Gnutls26 Ubuntu precise *
Gnutls26 Ubuntu trusty *
Gnutls28 Ubuntu precise *
Gnutls28 Ubuntu trusty *
Gnutls28 Ubuntu upstream *
Gnutls28 Ubuntu vivid *
Gnutls28 Ubuntu vivid/stable-phone-overlay *
Gnutls28 Ubuntu vivid/ubuntu-core *
Mbedtls Ubuntu upstream *
Nss Ubuntu precise *
Nss Ubuntu trusty *
Nss Ubuntu upstream *
Nss Ubuntu vivid *
Nss Ubuntu vivid/stable-phone-overlay *
Nss Ubuntu wily *
Openjdk-6 Ubuntu precise *
Openjdk-6 Ubuntu trusty *
Openjdk-6 Ubuntu vivid *
Openjdk-6 Ubuntu wily *
Openjdk-7 Ubuntu precise *
Openjdk-7 Ubuntu trusty *
Openjdk-7 Ubuntu vivid *
Openjdk-7 Ubuntu wily *
Openjdk-8 Ubuntu upstream *
Openjdk-8 Ubuntu vivid *
Openjdk-8 Ubuntu wily *
Openssl Ubuntu precise *
Openssl Ubuntu upstream *
Polarssl Ubuntu precise *
Polarssl Ubuntu trusty *
Polarssl Ubuntu upstream *
Polarssl Ubuntu vivid *
Polarssl Ubuntu wily *
Thunderbird Ubuntu artful *
Thunderbird Ubuntu bionic *
Thunderbird Ubuntu cosmic *
Thunderbird Ubuntu devel *
Thunderbird Ubuntu disco *
Thunderbird Ubuntu precise *
Thunderbird Ubuntu trusty *
Thunderbird Ubuntu upstream *
Thunderbird Ubuntu vivid *
Thunderbird Ubuntu wily *
Thunderbird Ubuntu xenial *
Thunderbird Ubuntu yakkety *
Thunderbird Ubuntu zesty *
Oracle Java for Red Hat Enterprise Linux 5 RedHat java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el5_11 *
Oracle Java for Red Hat Enterprise Linux 6 RedHat java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el6_7 *
Oracle Java for Red Hat Enterprise Linux 6 RedHat java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el6_7 *
Oracle Java for Red Hat Enterprise Linux 7 RedHat java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el7 *
Oracle Java for Red Hat Enterprise Linux 7 RedHat java-1.7.0-oracle-1:1.7.0.95-1jpp.2.el7 *
Red Hat Enterprise Linux 5 RedHat java-1.7.0-openjdk-1:1.7.0.95-2.6.4.1.el5_11 *
Red Hat Enterprise Linux 5 Supplementary RedHat java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5 *
Red Hat Enterprise Linux 5 Supplementary RedHat java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el5 *
Red Hat Enterprise Linux 6 RedHat nss-0:3.19.1-8.el6_7 *
Red Hat Enterprise Linux 6 RedHat openssl-0:1.0.1e-42.el6_7.2 *
Red Hat Enterprise Linux 6 RedHat gnutls-0:2.8.5-19.el6_7 *
Red Hat Enterprise Linux 6 RedHat java-1.8.0-openjdk-1:1.8.0.71-1.b15.el6_7 *
Red Hat Enterprise Linux 6 RedHat java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el6_7 *
Red Hat Enterprise Linux 6 Supplementary RedHat java-1.7.1-ibm-1:1.7.1.3.30-1jpp.2.el6_7 *
Red Hat Enterprise Linux 6 Supplementary RedHat java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el6_7 *
Red Hat Enterprise Linux 7 RedHat nss-0:3.19.1-19.el7_2 *
Red Hat Enterprise Linux 7 RedHat openssl-1:1.0.1e-51.el7_2.2 *
Red Hat Enterprise Linux 7 RedHat gnutls-0:3.3.8-14.el7_2 *
Red Hat Enterprise Linux 7 RedHat java-1.8.0-openjdk-1:1.8.0.71-2.b15.el7_2 *
Red Hat Enterprise Linux 7 RedHat java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el7_2 *
Red Hat Enterprise Linux 7 Supplementary RedHat java-1.8.0-ibm-1:1.8.0.2.10-1jpp.1.el7 *
Red Hat Enterprise Linux 7 Supplementary RedHat java-1.7.1-ibm-1:1.7.1.3.30-1jpp.1.el7 *
Red Hat Satellite 5.6 RedHat java-1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5 *
Red Hat Satellite 5.6 RedHat java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7 *
Red Hat Satellite 5.6 RedHat spacewalk-java-0:2.0.2-109.el6sat *
Red Hat Satellite 5.7 RedHat java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7 *
Red Hat Satellite 5.7 RedHat spacewalk-java-0:2.3.8-146.el6sat *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use