1. Home
  2. Vulnerabilities
  3. CVE-2015-7575

CVE-2015-7575

CVSS v3.0 5.9 (Medium)
59% Progress
CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.29 % (70th)
0.29% Progress
Affected Products 6
Advisories 54
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

Weaknesses
CWE-19
Data Processing Errors
Related CVEs
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2016-01-09 02:59:10
(8 years ago)
Updated Date
2018-10-30 16:27:35
(5 years ago)

Affected Products

Canonical

Mozilla

Opensuse

Configuration #1

    CPE23 From Up To
  Mozilla Network Security Services 3.20.1 and prior versions cpe:2.3:a:mozilla:network_security_services <= 3.20.1

Configuration #2

    CPE23 From Up To
  Opensuse Leap 42.1 cpe:2.3:o:opensuse:leap:42.1
  Opensuse 13.1 cpe:2.3:o:opensuse:opensuse:13.1
  Opensuse 13.2 cpe:2.3:o:opensuse:opensuse:13.2

Configuration #3

    CPE23 From Up To
  Mozilla Firefox Esr 38.0 cpe:2.3:a:mozilla:firefox_esr:38.0
  Mozilla Firefox Esr 38.0.1 cpe:2.3:a:mozilla:firefox_esr:38.0.1
  Mozilla Firefox Esr 38.0.5 cpe:2.3:a:mozilla:firefox_esr:38.0.5
  Mozilla Firefox Esr 38.1.0 cpe:2.3:a:mozilla:firefox_esr:38.1.0
  Mozilla Firefox Esr 38.1.1 cpe:2.3:a:mozilla:firefox_esr:38.1.1
  Mozilla Firefox Esr 38.2.0 cpe:2.3:a:mozilla:firefox_esr:38.2.0
  Mozilla Firefox Esr 38.2.1 cpe:2.3:a:mozilla:firefox_esr:38.2.1
  Mozilla Firefox Esr 38.3.0 cpe:2.3:a:mozilla:firefox_esr:38.3.0
  Mozilla Firefox Esr 38.4.0 cpe:2.3:a:mozilla:firefox_esr:38.4.0
  Mozilla Firefox Esr 38.5.0 cpe:2.3:a:mozilla:firefox_esr:38.5.0
  Mozilla Firefox Esr 38.5.1 cpe:2.3:a:mozilla:firefox_esr:38.5.1

Configuration #4

    CPE23 From Up To
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts
  Canonical Ubuntu Linux 15.04 cpe:2.3:o:canonical:ubuntu_linux:15.04
  Canonical Ubuntu Linux 15.10 cpe:2.3:o:canonical:ubuntu_linux:15.10

Configuration #5

    CPE23 From Up To
  Mozilla Firefox 43.0.1 and prior versions cpe:2.3:a:mozilla:firefox <= 43.0.1