CVE-2015-0799

2015-04-0600:00:00

ubuntu.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.001

Percentile

50.8%

JSON

The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1
allows man-in-the-middle attackers to bypass an intended X.509
certificate-verification step for an SSL server by specifying that server
in the uri-host field of an Alt-Svc HTTP/2 response header.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchfirefox< 37.0.1+build1-0ubuntu0.12.04.1UNKNOWN
ubuntu14.04noarchfirefox< 37.0.1+build1-0ubuntu0.14.04.1UNKNOWN
ubuntu14.10noarchfirefox< 37.0.1+build1-0ubuntu0.14.10.1UNKNOWN
ubuntu15.04noarchfirefox< 37.0.2+build1-0ubuntu0.15.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	firefox	< 37.0.1+build1-0ubuntu0.12.04.1	UNKNOWN
ubuntu	14.04	noarch	firefox	< 37.0.1+build1-0ubuntu0.14.04.1	UNKNOWN
ubuntu	14.10	noarch	firefox	< 37.0.1+build1-0ubuntu0.14.10.1	UNKNOWN
ubuntu	15.04	noarch	firefox	< 37.0.2+build1-0ubuntu0.15.04.1	UNKNOWN