CVE-2015-5244
First published: Wed Sep 02 2015(Updated: )
The NSSCipherSuite option of mod_nss accepts OpenSSL-styled cipherstrings. It was found that the parsing of such cipherstrings is flawed. If this option is used to disable insecure ciphersuites using the common "!" syntax, e.g.: NSSCipherSuite !eNULL:!aNULL:AESGCM+aRSA:ECDH+aRSA it will actually enable those insecure ciphersuites. Acknowledgements: This issue was discovered Hubert Kario of Red Hat.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mod Nss Project Mod Nss | <=1.0.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1263070
- https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=34e1ccecb4a7d5054dba2f92b403af9b6ae1e110
- https://bugzilla.redhat.com/show_bug.cgi?id=1259216
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175248.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176026.html
- https://pagure.io/mod_nss/c/34e1ccecb4a7d5054dba2f92b403af9b6ae1e110
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/remedy
- agent/weakness
- agent/event
- agent/description
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-5244
- vendor/mod nss project
- canonical/mod nss project mod nss
- version/mod nss project mod nss/1.0.11