CVE-2015-2318

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:Identity Check Error
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2011-0992, CVE-2012-3543, CVE-2015-2319, CVE-2015-2320

Published on 08/01/18 - Updated on 30/01/18

Description

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.

Category: Identity Check Error

CWE-295 (Improper Certificate Validation)
The software does not validate, or incorrectly validates, a certificate.

Security Notices

US National Vulnerability DatabaseCVE-2015-2318
Debian DSA-3202-1
Debian LTSDLA-176-1
SUSE SUSE-SU-2015:0841
Ubuntu USN-2547-1

Exploits

SecurityFocusBID-73253

Relative technologies

VendorProduct
debiandebian_linux

Share this vulnerability with:

Twitter Facebook LinkedIn Mail