10

CVE-2015-5887

The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApplemacOS X Version <= 10.10.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.46% 0.823
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Vendor Advisory
http://www.securitytracker.com/id/1033703
https://support.apple.com/HT205267
Vendor Advisory
http://www.securityfocus.com/bid/76908