Veracode Vulnerability DatabaseVERACODE:11698Man-in-the-middle Attack
EPSS
Percentile
49.3%
Network Security Services (NSS) is vulnerable to a man-in-the-middle attack. The attack exists because it fails in handling state transitions for the TLS state machine and skips handshake message, allowing a man-in-the-middle to decrypt all traffic.
References
lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html
lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html
lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
rhn.redhat.com/errata/RHSA-2015-1185.html
rhn.redhat.com/errata/RHSA-2015-1664.html
www.debian.org/security/2015/dsa-3324
www.debian.org/security/2015/dsa-3336
www.mozilla.org/security/announce/2015/mfsa2015-71.html
www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
www.securityfocus.com/bid/75541
www.securityfocus.com/bid/83398
www.securityfocus.com/bid/91787
www.securitytracker.com/id/1032783
www.securitytracker.com/id/1032784
www.ubuntu.com/usn/USN-2656-1
www.ubuntu.com/usn/USN-2656-2
www.ubuntu.com/usn/USN-2672-1
www.ubuntu.com/usn/USN-2673-1
access.redhat.com/security/cve/CVE-2015-2721
access.redhat.com/security/updates/classification/#moderate
bugzilla.mozilla.org/show_bug.cgi?id=1086145
developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes
rhn.redhat.com/errata/RHSA-2015-1185.html
security.gentoo.org/glsa/201512-10
security.gentoo.org/glsa/201701-46
smacktls.com
Related
