CVE-2015-8960 — HIGH (8.1) — White Hats Nepal

Q: How severe is CVE-2015-8960?

CVE-2015-8960 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-8960?

Check the references section above for vendor advisories and patch information. Affected products include: Ietf Transport Layer Security, Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox.

Vulnerability Description

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ietf	Transport Layer Security	<= 1.2
Apple	Safari	-
Google	Chrome	-
Microsoft	Internet Explorer	-
Mozilla	Firefox	-
Opera	Opera Browser	-
Netapp	Clustered Data Ontap Antivirus Connector	-
Netapp	Data Ontap Edge	-
Netapp	Host Agent	-
Netapp	Oncommand Shift	-
Netapp	Plug-In For Symantec Netbackup	-
Netapp	Smi-S Provider	-
Netapp	Snap Creator Framework	-
Netapp	Snapdrive	-
Netapp	Snapmanager	-
Netapp	Snapprotect	-
Netapp	Solidfire \& Hci Management Node	-
Netapp	System Setup	-

Related Weaknesses (CWE)

CWE-295

References

http://twitter.com/matthew_d_green/statuses/630908726950674433Press/Media CoverageTechnical DescriptionThird Party Advisory
http://www.openwall.com/lists/oss-security/2016/09/20/4Mailing ListTechnical DescriptionThird Party Advisory
http://www.securityfocus.com/bid/93071Broken LinkThird Party AdvisoryVDB Entry
https://kcitls.orgExploitTechnical Description
https://security.netapp.com/advisory/ntap-20180626-0002/Third Party Advisory
https://www.usenix.org/system/files/conference/woot15/woot15-paper-hlauschek.pdfExploitMitigationTechnical Description
http://twitter.com/matthew_d_green/statuses/630908726950674433Press/Media CoverageTechnical DescriptionThird Party Advisory
http://www.openwall.com/lists/oss-security/2016/09/20/4Mailing ListTechnical DescriptionThird Party Advisory
http://www.securityfocus.com/bid/93071Broken LinkThird Party AdvisoryVDB Entry
https://kcitls.orgExploitTechnical Description
https://security.netapp.com/advisory/ntap-20180626-0002/Third Party Advisory
https://www.usenix.org/system/files/conference/woot15/woot15-paper-hlauschek.pdfExploitMitigationTechnical Description

FAQ

What is CVE-2015-8960?

CVE-2015-8960 is a vulnerability with a CVSS score of 8.1 (HIGH). The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute th...

How severe is CVE-2015-8960?

CVE-2015-8960 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-8960?

Check the references section above for vendor advisories and patch information. Affected products include: Ietf Transport Layer Security, Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox.