Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-154-1:C91BD
HistoryFeb 16, 2015 - 3:44 p.m.

[SECURITY] [DLA 154-1] nss security update

2015-02-1615:44:22
lists.debian.org
20

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.023

Percentile

89.9%

JSON

Package : nss
Version : 3.12.8-1+squeeze11
CVE ID : CVE-2011-3389 CVE-2014-1569
Debian Bug : 773625

nss 3.12.8-1+squeeze11 fixes two security issues:

CVE-2011-3389

SSL 3.0 and TLS 1.0 connections were vulnerable to some chosen
plaintext attacks which allowed man-in-the middle attackers to obtain
plaintext HTTP headers on an HTTPS session. This issue is known as
the "BEAST" attack.

CVE-2014-1569

Possible information leak with too-permissive ASN.1 DER decoding of
length.


Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature

OSVersionArchitecturePackageVersionFilename
Debian7amd64libnss3-1d< 2:3.14.5-1+deb7u4libnss3-1d_2:3.14.5-1+deb7u4_amd64.deb
Debian7amd64libnss3-dbg< 2:3.14.5-1+deb7u4libnss3-dbg_2:3.14.5-1+deb7u4_amd64.deb
Debian7s390xlibnss3-dbg< 2:3.14.5-1+deb7u4libnss3-dbg_2:3.14.5-1+deb7u4_s390x.deb
Debian7armhflibnss3-1d< 2:3.14.5-1+deb7u4libnss3-1d_2:3.14.5-1+deb7u4_armhf.deb
Debian7mipsellibnss3-1d< 2:3.14.5-1+deb7u4libnss3-1d_2:3.14.5-1+deb7u4_mipsel.deb
Debian7powerpclibnss3-dev< 2:3.14.5-1+deb7u4libnss3-dev_2:3.14.5-1+deb7u4_powerpc.deb
Debian7s390libnss3-dev< 2:3.14.5-1+deb7u4libnss3-dev_2:3.14.5-1+deb7u4_s390.deb
Debian7armellibnss3-dbg< 2:3.14.5-1+deb7u4libnss3-dbg_2:3.14.5-1+deb7u4_armel.deb
Debian7sparclibnss3-tools< 2:3.14.5-1+deb7u4libnss3-tools_2:3.14.5-1+deb7u4_sparc.deb
Debian7sparclibnss3-dev< 2:3.14.5-1+deb7u4libnss3-dev_2:3.14.5-1+deb7u4_sparc.deb
Rows per page:
1-10 of 751

Related

osv 5
nessus 40
openvas 68
mskb 1
fedora 22
prion 2
veracode 3
debiancve 2
ics 1
seebug 2
checkpoint_advisories 2
ibm 9
nvd 3
cve 3
checkpoint_security 1
cert 1
exploitdb 1
ubuntu 1
debian 6
cvelist 2
zdt 1
exploitpack 1
securityvulns 13
ubuntucve 2
freebsd 2
rubygems 1
rapid7blog 1
f5 2
archlinux 1
osv
osv
nss - security update
2015-02-16 00:00:00
CGA-m3vx-v2q7-5ghm
2024-06-06 12:28:22
nss - security update
2015-03-13 00:00:00
nessus
nessus
Debian DLA-154-1 : nss security update (BEAST)
2015-03-26 00:00:00
MS12-006: Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
2012-01-10 00:00:00
Oracle Fusion Middleware Security Service Information Disclosure (January 2015 CPU) (BEAST)
2015-01-27 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-154-1)
2023-03-08 00:00:00
Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)
2012-01-11 00:00:00
FreeBSD Ports: fetchmail
2012-08-30 00:00:00
mskb
mskb
MS12-006: Vulnerability in SSL/TLS could allow information disclosure: January 10, 2012
2012-01-10 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: xulrunner-9.0-2.fc16
2011-12-23 03:31:27
[SECURITY] Fedora 16 Update: thunderbird-9.0-4.fc16
2011-12-23 03:31:27
[SECURITY] Fedora 16 Update: nss-softokn-3.13.1-14.fc16
2011-12-23 03:31:27
prion
prion
Session fixation
2011-09-06 19:55:00
Design/Logic Flaw
2014-12-15 18:59:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-05-02 04:55:58
HTTP Request Smuggling
2019-01-15 09:03:35
Blockwise Chosen-boundary Attacks
2017-04-27 06:38:37
debiancve
debiancve
CVE-2011-3389
2011-09-06 19:55:03
CVE-2014-1569
2014-12-15 18:59:00
ics
ics
Siemens Ruggedcom WIN Products BEAST Attack Vulnerability
2018-09-06 12:00:00
seebug
seebug
Microsoft Windows SSL/TLS信息泄露漏洞
2011-09-29 00:00:00
Apple XCode 4.x 信息泄露漏洞
2012-07-27 00:00:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against SSL and TLS Protocols Information Disclosure (MS12-006; CVE-2011-3389)
2012-01-10 00:00:00
Web Servers SSL Flooding Denial of Service (CVE-2011-3389)
2011-11-06 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in Transport Layer Security Protocol Used in IBM System Networking Ethernet Switches (CVE-2011-3389)
2022-09-26 22:21:32
Security Bulletin: Vulnerabilities in SSL and TLS protocols affects SAN Volume Controller and Storwize Family (CVE-2011-3389)
2022-08-20 00:54:31
Security Bulletin: Vulnerabilities in SSL and TLS protocols affects SAN Volume Controller and Storwize Family (CVE-2011-3389)
2023-03-29 01:48:02
nvd
nvd
CVE-2011-3389
2011-09-06 19:55:03
CVE-2014-1569
2014-12-15 18:59:00
CVE-2004-2770
2011-09-25 10:55:04
cve
cve
CVE-2011-3389
2011-09-06 19:55:03
CVE-2014-1569
2014-12-15 18:59:00
CVE-2004-2770
2011-09-25 10:55:04
checkpoint_security
checkpoint_security
Check Point response to CVE-2011-3389 aka BEAST attack
2012-10-15 22:00:00
cert
cert
SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes
2011-09-27 00:00:00
exploitdb
exploitdb
MatrixSSL &lt; 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates
2019-02-20 00:00:00
ubuntu
ubuntu
NSS vulnerability
2015-01-07 00:00:00
debian
debian
[SECURITY] [DSA 3186-1] nss security update
2015-03-13 08:15:52
[SECURITY] [DSA 3186-1] nss security update
2015-03-13 08:15:52
[SECURITY] [DSA 2398-2] curl regression
2012-03-31 19:38:57
cvelist
cvelist
CVE-2014-1569
2014-12-15 17:27:00
CVE-2011-3389
2011-09-06 19:00:00
zdt
zdt
MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates Vulnerability
2019-02-20 00:00:00
exploitpack
exploitpack
MatrixSSL 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates
2019-02-20 00:00:00
securityvulns
securityvulns
ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST &#40;Browser Exploit Against SSL/TLS&#41; attacks
2014-05-05 00:00:00
ESA-2012-032: RSA BSAFE&#40;r&#41; Micro Edition Suite Security Update for BEAST &#40;Browser Exploit Against SSL/TLS&#41; attacks
2012-10-29 00:00:00
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
2014-04-07 00:00:00
ubuntucve
ubuntucve
CVE-2014-1569
2014-12-15 00:00:00
CVE-2011-3389
2011-11-16 00:00:00
freebsd
freebsd
fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
2012-01-19 00:00:00
asterisk -- Multiple vulnerabilities
2016-02-03 00:00:00
rubygems
rubygems
CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
2011-08-31 00:00:00
rapid7blog
rapid7blog
New Rapid7 MDR Essentials Capability Sees What Attackers See: “It’s Eye-Opening”
2021-09-01 13:11:33
f5
f5
K13400 : SSL 3.0/TLS 1.0 vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870
2015-06-16 00:00:00
SOL13400 - SSL 3.0/TLS 1.0 BEAST vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870
2012-03-06 00:00:00
archlinux
archlinux
nss: signature forgery
2014-12-16 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.023

Percentile

89.9%

JSON
Related for DEBIAN:DLA-154-1:C91BD
osv5nessus40openvas68mskb1fedora22prion2veracode3debiancve2ics1seebug2checkpoint_advisories2ibm9nvd3cve3checkpoint_security1cert1exploitdb1ubuntu1debian6cvelist2zdt1exploitpack1securityvulns13ubuntucve2freebsd2rubygems1rapid7blog1f52archlinux1