CVE - CVE-2015-7575

CVE-ID
CVE-2015-7575	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://www.mozilla.org/security/announce/2015/mfsa2015-150.html CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=1158489 CONFIRM:https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html CONFIRM:https://security.netapp.com/advisory/ntap-20160225-0001/ DEBIAN:DSA-3457 URL:http://www.debian.org/security/2016/dsa-3457 DEBIAN:DSA-3465 URL:http://www.debian.org/security/2016/dsa-3465 DEBIAN:DSA-3491 URL:http://www.debian.org/security/2016/dsa-3491 DEBIAN:DSA-3437 URL:http://www.debian.org/security/2016/dsa-3437 DEBIAN:DSA-3436 URL:http://www.debian.org/security/2016/dsa-3436 DEBIAN:DSA-3458 URL:http://www.debian.org/security/2016/dsa-3458 DEBIAN:DSA-3688 URL:http://www.debian.org/security/2016/dsa-3688 GENTOO:GLSA-201701-46 URL:https://security.gentoo.org/glsa/201701-46 GENTOO:GLSA-201706-18 URL:https://security.gentoo.org/glsa/201706-18 REDHAT:RHSA-2016:1430 URL:https://access.redhat.com/errata/RHSA-2016:1430 REDHAT:RHSA-2016:0049 URL:http://rhn.redhat.com/errata/RHSA-2016-0049.html REDHAT:RHSA-2016:0050 URL:http://rhn.redhat.com/errata/RHSA-2016-0050.html REDHAT:RHSA-2016:0053 URL:http://rhn.redhat.com/errata/RHSA-2016-0053.html REDHAT:RHSA-2016:0054 URL:http://rhn.redhat.com/errata/RHSA-2016-0054.html REDHAT:RHSA-2016:0055 URL:http://rhn.redhat.com/errata/RHSA-2016-0055.html REDHAT:RHSA-2016:0056 URL:http://rhn.redhat.com/errata/RHSA-2016-0056.html SUSE:openSUSE-SU-2016:0307 URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html SUSE:openSUSE-SU-2016:0308 URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html SUSE:openSUSE-SU-2016:0605 URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html SUSE:openSUSE-SU-2016:0488 URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html SUSE:openSUSE-SU-2015:2405 URL:http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html SUSE:openSUSE-SU-2016:0007 URL:http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html SUSE:openSUSE-SU-2016:0161 URL:http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html SUSE:openSUSE-SU-2016:0162 URL:http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html SUSE:SUSE-SU-2016:0256 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html SUSE:SUSE-SU-2016:0265 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html SUSE:SUSE-SU-2016:0269 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html SUSE:openSUSE-SU-2016:0263 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html SUSE:openSUSE-SU-2016:0268 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html SUSE:openSUSE-SU-2016:0270 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html SUSE:openSUSE-SU-2016:0272 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html SUSE:openSUSE-SU-2016:0279 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html UBUNTU:USN-2884-1 URL:http://www.ubuntu.com/usn/USN-2884-1 UBUNTU:USN-2904-1 URL:http://www.ubuntu.com/usn/USN-2904-1 UBUNTU:USN-2863-1 URL:http://www.ubuntu.com/usn/USN-2863-1 UBUNTU:USN-2864-1 URL:http://www.ubuntu.com/usn/USN-2864-1 UBUNTU:USN-2865-1 URL:http://www.ubuntu.com/usn/USN-2865-1 UBUNTU:USN-2866-1 URL:http://www.ubuntu.com/usn/USN-2866-1 BID:91787 URL:http://www.securityfocus.com/bid/91787 BID:79684 URL:http://www.securityfocus.com/bid/79684 SECTRACK:1034541 URL:http://www.securitytracker.com/id/1034541 SECTRACK:1036467 URL:http://www.securitytracker.com/id/1036467
Assigning CNA
N/A
Date Entry Created
20150929	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20150929)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org