Home > Vulnerability Database > CVE-2015-7575

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2015-7575

Good to know:

Date: January 8, 2016

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

Language: C

Severity Score

5.9

Related Resources (57)

Url: https://access.redhat.com/errata/RHSA-2016:1430

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2015-7575

Url: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Url: http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html

Url: http://www.debian.org/security/2016/dsa-3465

Url: https://access.redhat.com/security/cve/CVE-2015-7575

Url: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html

Url: http://www.securityfocus.com/bid/79684

Url: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html

Url: http://rhn.redhat.com/errata/RHSA-2016-0054.html

Url: https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes

Url: https://security.gentoo.org/glsa/201801-15

Url: http://rhn.redhat.com/errata/RHSA-2016-0050.html

Url: https://security.netapp.com/advisory/ntap-20160225-0001/

Url: http://rhn.redhat.com/errata/RHSA-2016-0056.html

Url: http://rhn.redhat.com/errata/RHSA-2016-0053.html

Url: http://www.securityfocus.com/bid/91787

Url: https://security-tracker.debian.org/tracker/CVE-2015-7575

Url: http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Url: http://www.debian.org/security/2016/dsa-3458

Url: http://www.debian.org/security/2016/dsa-3457

Url: http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html

Url: http://www.securitytracker.com/id/1034541

Url: http://www.debian.org/security/2016/dsa-3491

Url: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html

Url: http://www.ubuntu.com/usn/USN-2864-1

Url: http://www.ubuntu.com/usn/USN-2866-1

Url: http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html

Url: http://rhn.redhat.com/errata/RHSA-2016-0049.html

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1158489

Url: http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html

Url: http://www.debian.org/security/2016/dsa-3688

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-7575

Url: http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html

Url: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html

Url: https://security.gentoo.org/glsa/201701-46

Url: http://www.ubuntu.com/usn/USN-2884-1

Url: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html

Url: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Url: http://www.debian.org/security/2016/dsa-3437

Url: https://security.gentoo.org/glsa/201706-18

Url: http://www.ubuntu.com/usn/USN-2863-1

Url: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html

Url: http://www.mozilla.org/security/announce/2015/mfsa2015-150.html

Url: http://www.ubuntu.com/usn/USN-2904-1

Url: http://www.debian.org/security/2016/dsa-3436

Url: http://www.securitytracker.com/id/1036467

Url: http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html

Url: http://rhn.redhat.com/errata/RHSA-2016-0055.html

Url: http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html

Url: http://www.ubuntu.com/usn/USN-2865-1

Url: http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html

Url: https://www.mend.io/vulnerability-database/CVE-2015-7575

Severity Score

5.9

Weakness Type (CWE)

Data Handling

CWE-19

Top Fix

Upgrade Version

Upgrade to version Mozilla Network Security Services - 3.20.2;Mozilla Firefox - 43.0.2;Firefox ESR - 38.5.2

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us