First published: Mon Jan 08 2018
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mono | <3.12.1 | |
debian/mono | 5.18.0.240+dfsg-3, 5.18.0.240+dfsg-3+deb10u1, 6.8.0.105+dfsg-3.3~deb11u1, 6.8.0.105+dfsg-3.3, 6.8.0.105+dfsg-3.5 | |
CVE-2015-2319 is a vulnerability in the TLS stack in Mono before version 3.12.1 that makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic.
Mono versions up to but excluding 3.12.1 are affected by CVE-2015-2319.
CVE-2015-2319 has a severity value of 7.5, which is considered high.
Remote attackers can exploit CVE-2015-2319 by conducting cipher-downgrade attacks to EXPORT_RSA ciphers using crafted TLS traffic.
You can find more information about CVE-2015-2319 at the following references:
- http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/
- http://www.openwall.com/lists/oss-security/2015/03/17/9
- http://www.securityfocus.com/bid/73250