CVE - CVE-2015-7575

CVE-ID
CVE-2015-7575	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1034541 URL:http://www.securitytracker.com/id/1034541 MISC:1036467 URL:http://www.securitytracker.com/id/1036467 MISC:79684 URL:http://www.securityfocus.com/bid/79684 MISC:91787 URL:http://www.securityfocus.com/bid/91787 MISC:DSA-3436 URL:http://www.debian.org/security/2016/dsa-3436 MISC:DSA-3437 URL:http://www.debian.org/security/2016/dsa-3437 MISC:DSA-3457 URL:http://www.debian.org/security/2016/dsa-3457 MISC:DSA-3458 URL:http://www.debian.org/security/2016/dsa-3458 MISC:DSA-3465 URL:http://www.debian.org/security/2016/dsa-3465 MISC:DSA-3491 URL:http://www.debian.org/security/2016/dsa-3491 MISC:DSA-3688 URL:http://www.debian.org/security/2016/dsa-3688 MISC:GLSA-201701-46 URL:https://security.gentoo.org/glsa/201701-46 MISC:GLSA-201706-18 URL:https://security.gentoo.org/glsa/201706-18 MISC:GLSA-201801-15 URL:https://security.gentoo.org/glsa/201801-15 MISC:RHSA-2016:0049 URL:http://rhn.redhat.com/errata/RHSA-2016-0049.html MISC:RHSA-2016:0050 URL:http://rhn.redhat.com/errata/RHSA-2016-0050.html MISC:RHSA-2016:0053 URL:http://rhn.redhat.com/errata/RHSA-2016-0053.html MISC:RHSA-2016:0054 URL:http://rhn.redhat.com/errata/RHSA-2016-0054.html MISC:RHSA-2016:0055 URL:http://rhn.redhat.com/errata/RHSA-2016-0055.html MISC:RHSA-2016:0056 URL:http://rhn.redhat.com/errata/RHSA-2016-0056.html MISC:RHSA-2016:1430 URL:https://access.redhat.com/errata/RHSA-2016:1430 MISC:SUSE-SU-2016:0256 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html MISC:SUSE-SU-2016:0265 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html MISC:SUSE-SU-2016:0269 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html MISC:USN-2863-1 URL:http://www.ubuntu.com/usn/USN-2863-1 MISC:USN-2864-1 URL:http://www.ubuntu.com/usn/USN-2864-1 MISC:USN-2865-1 URL:http://www.ubuntu.com/usn/USN-2865-1 MISC:USN-2866-1 URL:http://www.ubuntu.com/usn/USN-2866-1 MISC:USN-2884-1 URL:http://www.ubuntu.com/usn/USN-2884-1 MISC:USN-2904-1 URL:http://www.ubuntu.com/usn/USN-2904-1 MISC:http://www.mozilla.org/security/announce/2015/mfsa2015-150.html URL:http://www.mozilla.org/security/announce/2015/mfsa2015-150.html MISC:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html URL:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html MISC:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html URL:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html MISC:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html URL:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html MISC:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html URL:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html MISC:http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html URL:http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1158489 URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1158489 MISC:https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes URL:https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes MISC:https://security.netapp.com/advisory/ntap-20160225-0001/ URL:https://security.netapp.com/advisory/ntap-20160225-0001/ MISC:openSUSE-SU-2015:2405 URL:http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html MISC:openSUSE-SU-2016:0007 URL:http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html MISC:openSUSE-SU-2016:0161 URL:http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html MISC:openSUSE-SU-2016:0162 URL:http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html MISC:openSUSE-SU-2016:0263 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html MISC:openSUSE-SU-2016:0268 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html MISC:openSUSE-SU-2016:0270 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html MISC:openSUSE-SU-2016:0272 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html MISC:openSUSE-SU-2016:0279 URL:http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html MISC:openSUSE-SU-2016:0307 URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html MISC:openSUSE-SU-2016:0308 URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html MISC:openSUSE-SU-2016:0488 URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html MISC:openSUSE-SU-2016:0605 URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20150929	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20150929)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)