8.1
CVE-2015-8960
- EPSS 0.36%
- Published 21.09.2016 02:59:00
- Last modified 12.04.2025 10:46:40
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.
Data is provided by the National Vulnerability Database (NVD)
Ietf ≫ Transport Layer Security Version <= 1.2
Apple ≫ Safari Version-
Google ≫ Chrome Version-
Microsoft ≫ Internet Explorer Version-
Mozilla ≫ Firefox Version-
Opera ≫ Opera Browser Version-
Google ≫ Chrome Version-
Microsoft ≫ Internet Explorer Version-
Mozilla ≫ Firefox Version-
Opera ≫ Opera Browser Version-
Netapp ≫ Clustered Data Ontap Antivirus Connector Version-
Netapp ≫ Data Ontap Edge Version-
Netapp ≫ Host Agent Version-
Netapp ≫ Oncommand Shift Version-
Netapp ≫ Plug-in For Symantec Netbackup Version-
Netapp ≫ Smi-s Provider Version-
Netapp ≫ Snap Creator Framework Version-
Netapp ≫ Snapmanager Version- SwPlatformoracle
Netapp ≫ Snapmanager Version- SwPlatformsap
Netapp ≫ Snapprotect Version-
Netapp ≫ System Setup Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.555 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.