SecuritySpace - CVE-2015-7575

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID:	CVE-2015-7575
Description:	Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the- middle attackers to spoof servers by triggering a collision.
Test IDs:	1.3.6.1.4.1.25623.1.0.122815 1.3.6.1.4.1.25623.1.0.703688 1.3.6.1.4.1.25623.1.0.703436 1.3.6.1.4.1.25623.1.0.122888 1.3.6.1.4.1.25623.1.1.4.2016.0189.1 1.3.6.1.4.1.25623.1.0.882357 1.3.6.1.4.1.25623.1.0.842597 1.3.6.1.4.1.25623.1.0.806954 1.3.6.1.4.1.25623.1.0.871532 1.3.6.1.4.1.25623.1.1.1.2.2016.410 1.3.6.1.4.1.25623.1.0.871535 1.3.6.1.4.1.25623.1.0.122816 1.3.6.1.4.1.25623.1.0.882356 1.3.6.1.4.1.25623.1.0.806952 1.3.6.1.4.1.25623.1.0.842596 1.3.6.1.4.1.25623.1.0.882366 1.3.6.1.4.1.25623.1.1.4.2016.0149.1 1.3.6.1.4.1.25623.1.1.4.2016.0776.1 1.3.6.1.4.1.25623.1.0.882360 1.3.6.1.4.1.25623.1.0.882363 1.3.6.1.4.1.25623.1.0.105549 1.3.6.1.4.1.25623.1.0.842594 1.3.6.1.4.1.25623.1.0.882355 1.3.6.1.4.1.25623.1.0.120635 1.3.6.1.4.1.25623.1.0.806955 1.3.6.1.4.1.25623.1.0.703437 1.3.6.1.4.1.25623.1.0.842593 1.3.6.1.4.1.25623.1.0.871536 1.3.6.1.4.1.25623.1.0.806953 1.3.6.1.4.1.25623.1.2.1.2015.150 1.3.6.1.4.1.25623.1.0.120641 1.3.6.1.4.1.25623.1.0.122819
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2015-7575 1034541 http://www.securitytracker.com/id/1034541 1036467 http://www.securitytracker.com/id/1036467 79684 http://www.securityfocus.com/bid/79684 91787 http://www.securityfocus.com/bid/91787 DSA-3436 http://www.debian.org/security/2016/dsa-3436 DSA-3437 http://www.debian.org/security/2016/dsa-3437 DSA-3457 http://www.debian.org/security/2016/dsa-3457 DSA-3458 http://www.debian.org/security/2016/dsa-3458 DSA-3465 http://www.debian.org/security/2016/dsa-3465 DSA-3491 http://www.debian.org/security/2016/dsa-3491 DSA-3688 http://www.debian.org/security/2016/dsa-3688 GLSA-201701-46 https://security.gentoo.org/glsa/201701-46 GLSA-201706-18 https://security.gentoo.org/glsa/201706-18 GLSA-201801-15 https://security.gentoo.org/glsa/201801-15 RHSA-2016:0049 http://rhn.redhat.com/errata/RHSA-2016-0049.html RHSA-2016:0050 http://rhn.redhat.com/errata/RHSA-2016-0050.html RHSA-2016:0053 http://rhn.redhat.com/errata/RHSA-2016-0053.html RHSA-2016:0054 http://rhn.redhat.com/errata/RHSA-2016-0054.html RHSA-2016:0055 http://rhn.redhat.com/errata/RHSA-2016-0055.html RHSA-2016:0056 http://rhn.redhat.com/errata/RHSA-2016-0056.html RHSA-2016:1430 https://access.redhat.com/errata/RHSA-2016:1430 SUSE-SU-2016:0256 http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html SUSE-SU-2016:0265 http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html SUSE-SU-2016:0269 http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html USN-2863-1 http://www.ubuntu.com/usn/USN-2863-1 USN-2864-1 http://www.ubuntu.com/usn/USN-2864-1 USN-2865-1 http://www.ubuntu.com/usn/USN-2865-1 USN-2866-1 http://www.ubuntu.com/usn/USN-2866-1 USN-2884-1 http://www.ubuntu.com/usn/USN-2884-1 USN-2904-1 http://www.ubuntu.com/usn/USN-2904-1 http://www.mozilla.org/security/announce/2015/mfsa2015-150.html http://www.mozilla.org/security/announce/2015/mfsa2015-150.html http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html https://bugzilla.mozilla.org/show_bug.cgi?id=1158489 https://bugzilla.mozilla.org/show_bug.cgi?id=1158489 https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes https://security.netapp.com/advisory/ntap-20160225-0001/ https://security.netapp.com/advisory/ntap-20160225-0001/ openSUSE-SU-2015:2405 http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html openSUSE-SU-2016:0007 http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html openSUSE-SU-2016:0161 http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html openSUSE-SU-2016:0162 http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html openSUSE-SU-2016:0263 http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html openSUSE-SU-2016:0268 http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html openSUSE-SU-2016:0270 http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html openSUSE-SU-2016:0272 http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html openSUSE-SU-2016:0279 http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html openSUSE-SU-2016:0307 http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html openSUSE-SU-2016:0308 http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html openSUSE-SU-2016:0488 http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html openSUSE-SU-2016:0605 http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html