CVE-2015-8960
First published: Wed Sep 21 2016(Updated: )
The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ietf Transport Layer Security | <=1.2 | |
| Apple Safari | ||
| Google Chrome | ||
| Microsoft Internet Explorer | ||
| Mozilla Firefox | ||
| Opera Opera Browser | ||
| Netapp Clustered Data Ontap Antivirus Connector | ||
| Netapp Data Ontap Edge | ||
| Netapp Host Agent | ||
| Netapp Oncommand Shift | ||
| Netapp Plug-in For Symantec Netbackup | ||
| Netapp Smi-s Provider | ||
| NetApp Snap Creator Framework | ||
| Netapp Snapdrive Unix | ||
| Netapp Snapdrive Windows | ||
| Netapp Snapmanager Oracle | ||
| Netapp Snapmanager Sap | ||
| Netapp Snapprotect | ||
| Netapp Solidfire \& Hci Management Node | ||
| Netapp System Setup |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://twitter.com/matthew_d_green/statuses/630908726950674433
- http://www.openwall.com/lists/oss-security/2016/09/20/4
- http://www.securityfocus.com/bid/93071
- https://kcitls.org
- https://security.netapp.com/advisory/ntap-20180626-0002/
- https://www.usenix.org/system/files/conference/woot15/woot15-paper-hlauschek.pdf
- agent/references
- agent/type
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/event
- agent/author
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ietf
- canonical/ietf transport layer security
- version/ietf transport layer security/1.2
- vendor/apple
- canonical/apple safari
- vendor/google
- canonical/google chrome
- vendor/microsoft
- canonical/microsoft internet explorer
- vendor/mozilla
- canonical/mozilla firefox
- vendor/opera
- canonical/opera opera browser
- vendor/netapp
- canonical/netapp clustered data ontap antivirus connector
- canonical/netapp data ontap edge
- canonical/netapp host agent
- canonical/netapp oncommand shift
- canonical/netapp plug-in for symantec netbackup
- canonical/netapp smi-s provider
- canonical/netapp snap creator framework
- canonical/netapp snapdrive unix
- canonical/netapp snapdrive windows
- canonical/netapp snapmanager oracle
- canonical/netapp snapmanager sap
- canonical/netapp snapprotect
- canonical/netapp solidfire \& hci management node
- canonical/netapp system setup