0.043 Low
EPSS
Percentile
92.3%
nss is vulnerable to man-in-the-middle attack. ServerHello.random is all zeros when handling a v2-compatible ClientHello, which would allow an attacker to perform man-in-the-middle attack to perform a passive replay attack.
ServerHello.random
ClientHello
access.redhat.com/errata/RHSA-2018:2898
access.redhat.com/security/updates/classification/#moderate
bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384
www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html