CVE-2015-7575

MEDIUM

Description

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

ID	Name	Product	Family	Severity
119974	SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0428-1) (SLOTH)	Nessus	SuSE Local Security Checks	critical
106039	GLSA-201801-15 : PolarSSL: Multiple vulnerabilities (SLOTH)	Nessus	Gentoo Local Security Checks	high
104123	AIX bind Advisory : nettcp_advisory2.asc (IV86116) (IV86117) (IV86118) (IV86119) (IV86120) (IV86132)	Nessus	AIX Local Security Checks	medium
100944	GLSA-201706-18 : mbed TLS: Multiple vulnerabilities (SLOTH)	Nessus	Gentoo Local Security Checks	medium
96643	GLSA-201701-46 : Mozilla Network Security Service (NSS): Multiple vulnerabilities (Logjam) (SLOTH)	Nessus	Gentoo Local Security Checks	medium
94181	AIX 5.3 TL 12 : nettcp (IV88960) (SLOTH)	Nessus	AIX Local Security Checks	medium
94180	AIX 5.3 TL 12 : nettcp (IV88959) (SLOTH)	Nessus	AIX Local Security Checks	medium
94178	AIX 7.1 TL 3 : nettcp (IV82412) (SLOTH)	Nessus	AIX Local Security Checks	medium
94176	AIX 7.1 TL 3 : nettcp (IV82330) (SLOTH)	Nessus	AIX Local Security Checks	medium
94175	AIX 7.1 TL 3 : nettcp (IV82328) (SLOTH)	Nessus	AIX Local Security Checks	medium
94174	AIX 7.1 TL 3 : nettcp (IV82327) (SLOTH)	Nessus	AIX Local Security Checks	medium
94173	AIX 6.1 TL 9 : nettcp (IV79072) (SLOTH)	Nessus	AIX Local Security Checks	medium
94171	AIX 6.1 TL 9 : nettcp (IV79070) (SLOTH)	Nessus	AIX Local Security Checks	medium
94170	AIX 6.1 TL 9 : nettcp (IV78625) (SLOTH)	Nessus	AIX Local Security Checks	medium
94169	AIX 6.1 TL 9 : nettcp (IV78624) (SLOTH)	Nessus	AIX Local Security Checks	medium
93871	Debian DSA-3688-1 : nss - security update (Logjam) (SLOTH)	Nessus	Debian Local Security Checks	high
92565	AIX 7.2 TL 0 : nettcp (IV86132) (SLOTH)	Nessus	AIX Local Security Checks	medium
92564	AIX 5.3 TL 12 : nettcp (IV86120) (SLOTH)	Nessus	AIX Local Security Checks	medium
92563	AIX 7.2 TL 0 : nettcp (IV86119) (SLOTH)	Nessus	AIX Local Security Checks	medium
92562	AIX 7.1 TL 4 : nettcp (IV86118) (SLOTH)	Nessus	AIX Local Security Checks	medium
92561	AIX 7.1 TL 3 : nettcp (IV86117) (SLOTH)	Nessus	AIX Local Security Checks	medium
92560	AIX 6.1 TL 9 : nettcp (IV86116) (SLOTH)	Nessus	AIX Local Security Checks	medium
92400	RHEL 5 / 6 : java-1.7.0-ibm and java-1.7.1-ibm (RHSA-2016:1430) (SLOTH)	Nessus	Red Hat Local Security Checks	critical
91379	GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)	Nessus	Gentoo Local Security Checks	critical
91154	OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH)	Nessus	OracleVM Local Security Checks	critical
89989	SUSE SLES10 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0776-1) (SLOTH)	Nessus	SuSE Local Security Checks	critical
89961	SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0770-1) (SLOTH)	Nessus	SuSE Local Security Checks	critical
89842	Amazon Linux AMI : openssl (ALAS-2016-661) (DROWN) (SLOTH)	Nessus	Amazon Linux Local Security Checks	critical
89776	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : thunderbird vulnerabilities (USN-2904-1) (SLOTH)	Nessus	Ubuntu Local Security Checks	critical
89657	SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:0636-1) (SLOTH)	Nessus	SuSE Local Security Checks	critical
89053	AIX Java Advisory : java_jan2016_advisory.asc (January 2016 CPU) (SLOTH)	Nessus	AIX Local Security Checks	critical
89021	SUSE SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-SLES-for-VMware, mozilla-nss (SUSE-SU-2016:0584-1) (SLOTH)	Nessus	SuSE Local Security Checks	critical
89018	openSUSE Security Update : bouncycastle (openSUSE-2016-282) (SLOTH)	Nessus	SuSE Local Security Checks	medium
88943	Debian DSA-3491-1 : icedove - security update (SLOTH)	Nessus	Debian Local Security Checks	critical
9076	Mozilla Firefox < 43.0.2 RSA-MD5 Collision-based Forgery Weakness (SLOTH)	Nessus Network Monitor	Web Clients	medium
88830	openSUSE Security Update : Thunderbird (openSUSE-2016-225) (SLOTH)	Nessus	SuSE Local Security Checks	critical
88710	SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:0433-1) (SLOTH)	Nessus	SuSE Local Security Checks	critical
88709	SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:0431-1) (SLOTH)	Nessus	SuSE Local Security Checks	critical
88703	F5 Networks BIG-IP : SLOTH: TLS 1.2 handshake vulnerability (K02201365) (SLOTH)	Nessus	F5 Networks Local Security Checks	medium
88692	SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:0390-1) (SLOTH)	Nessus	SuSE Local Security Checks	critical
88663	Amazon Linux AMI : gnutls (ALAS-2016-651) (SLOTH)	Nessus	Amazon Linux Local Security Checks	medium
88659	Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-647) (SLOTH)	Nessus	Amazon Linux Local Security Checks	critical
88657	Amazon Linux AMI : nss (ALAS-2016-645) (SLOTH)	Nessus	Amazon Linux Local Security Checks	medium
88655	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2016-643) (SLOTH)	Nessus	Amazon Linux Local Security Checks	critical
88591	AIX OpenSSL Advisory : openssl_advisory16.asc (SLOTH)	Nessus	AIX Local Security Checks	medium
88580	Debian DLA-410-1 : openjdk-6 security update (SLOTH)	Nessus	Debian Local Security Checks	critical
88568	Debian DSA-3465-1 : openjdk-6 - security update (SLOTH)	Nessus	Debian Local Security Checks	critical
88557	RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2016:0101) (SLOTH)	Nessus	Red Hat Local Security Checks	critical
88556	RHEL 5 : java-1.7.0-ibm (RHSA-2016:0100) (SLOTH)	Nessus	Red Hat Local Security Checks	critical
88555	RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2016:0099) (SLOTH)	Nessus	Red Hat Local Security Checks	critical
88554	RHEL 7 : java-1.8.0-ibm (RHSA-2016:0098) (SLOTH)	Nessus	Red Hat Local Security Checks	critical
88550	openSUSE Security Update : SeaMonkey (openSUSE-2016-129) (SLOTH)	Nessus	SuSE Local Security Checks	critical
88547	openSUSE Security Update : seamonkey (openSUSE-2016-126) (SLOTH)	Nessus	SuSE Local Security Checks	critical
88541	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-115) (SLOTH)	Nessus	SuSE Local Security Checks	critical
88540	openSUSE Security Update : Java7 (openSUSE-2016-110) (SLOTH)	Nessus	SuSE Local Security Checks	critical
88538	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-107) (SLOTH)	Nessus	SuSE Local Security Checks	critical
88537	openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-106) (SLOTH)	Nessus	SuSE Local Security Checks	critical
88536	openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-105) (SLOTH)	Nessus	SuSE Local Security Checks	critical
88516	Ubuntu 14.04 LTS / 15.04 / 15.10 : openjdk-7 vulnerabilities (USN-2884-1) (SLOTH)	Nessus	Ubuntu Local Security Checks	critical
88486	SUSE SLED11 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0269-1) (SLOTH)	Nessus	SuSE Local Security Checks	critical
88485	SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2016:0265-1) (SLOTH)	Nessus	SuSE Local Security Checks	critical
88453	SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:0256-1) (SLOTH)	Nessus	SuSE Local Security Checks	critical
88427	Debian DSA-3458-1 : openjdk-7 - security update (SLOTH)	Nessus	Debian Local Security Checks	critical
88426	Debian DSA-3457-1 : iceweasel - security update (SLOTH)	Nessus	Debian Local Security Checks	critical
88132	openSUSE Security Update : polarssl (openSUSE-2016-60) (SLOTH)	Nessus	SuSE Local Security Checks	medium
88131	openSUSE Security Update : mbedtls (openSUSE-2016-59) (SLOTH)	Nessus	SuSE Local Security Checks	medium
88082	SUSE SLED11 / SLES11 Security Update : mozilla-nss (SUSE-SU-2016:0189-1) (SLOTH)	Nessus	SuSE Local Security Checks	medium
88080	Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (SLOTH)	Nessus	Scientific Linux Local Security Checks	critical
88079	Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL7.x i386/x86_64 (SLOTH)	Nessus	Scientific Linux Local Security Checks	critical
88078	Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (SLOTH)	Nessus	Scientific Linux Local Security Checks	critical
88075	RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2016:0056) (SLOTH)	Nessus	Red Hat Local Security Checks	critical
88074	RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:0055) (SLOTH)	Nessus	Red Hat Local Security Checks	critical
88073	RHEL 5 / 7 : java-1.7.0-openjdk (RHSA-2016:0054) (SLOTH)	Nessus	Red Hat Local Security Checks	critical
88072	RHEL 6 : java-1.7.0-openjdk (RHSA-2016:0053) (SLOTH)	Nessus	Red Hat Local Security Checks	critical
88071	Oracle Linux 5 / 7 : java-1.7.0-openjdk (ELSA-2016-0054) (SLOTH)	Nessus	Oracle Linux Local Security Checks	critical
88070	Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2016-0053) (SLOTH)	Nessus	Oracle Linux Local Security Checks	critical
88069	Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2016-0050) (SLOTH)	Nessus	Oracle Linux Local Security Checks	critical
88063	CentOS 5 / 7 : java-1.7.0-openjdk (CESA-2016:0054) (SLOTH)	Nessus	CentOS Local Security Checks	critical
88062	CentOS 6 : java-1.7.0-openjdk (CESA-2016:0053) (SLOTH)	Nessus	CentOS Local Security Checks	critical
88061	CentOS 6 : java-1.8.0-openjdk (CESA-2016:0050) (SLOTH)	Nessus	CentOS Local Security Checks	critical
88060	CentOS 7 : java-1.8.0-openjdk (CESA-2016:0049) (SLOTH)	Nessus	CentOS Local Security Checks	critical
88046	Oracle Java SE Multiple Vulnerabilities (January 2016 CPU) (SLOTH) (Unix)	Nessus	Misc.	critical
88045	Oracle Java SE Multiple Vulnerabilities (January 2016 CPU) (SLOTH)	Nessus	Windows	critical
88041	Oracle JRockit R28 < R28.3.9 Multiple Vulnerabilities (January 2016 CPU) (SLOTH)	Nessus	Windows	critical
88037	Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (SLOTH)	Nessus	Scientific Linux Local Security Checks	critical
88036	RHEL 6 : java-1.8.0-openjdk (RHSA-2016:0050) (SLOTH)	Nessus	Red Hat Local Security Checks	critical
88035	RHEL 7 : java-1.8.0-openjdk (RHSA-2016:0049) (SLOTH)	Nessus	Red Hat Local Security Checks	critical
88031	Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2016-0049) (SLOTH)	Nessus	Oracle Linux Local Security Checks	critical
87988	SUSE SLED12 / SLES12 Security Update : mozilla-nss (SUSE-SU-2016:0149-1) (SLOTH)	Nessus	SuSE Local Security Checks	medium
87846	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : firefox vulnerability (USN-2866-1) (SLOTH)	Nessus	Ubuntu Local Security Checks	medium
87845	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : gnutls26, gnutls28 vulnerability (USN-2865-1) (SLOTH)	Nessus	Ubuntu Local Security Checks	medium
87841	Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (SLOTH)	Nessus	Scientific Linux Local Security Checks	medium
87840	Scientific Linux Security Update : nss on SL6.x, SL7.x i386/x86_64 (SLOTH)	Nessus	Scientific Linux Local Security Checks	medium
87838	Scientific Linux Security Update : gnutls on SL6.x, SL7.x i386/x86_64 (SLOTH)	Nessus	Scientific Linux Local Security Checks	medium
87828	Debian DSA-3437-1 : gnutls26 - security update (SLOTH)	Nessus	Debian Local Security Checks	medium
87827	Debian DSA-3436-1 : openssl - security update (SLOTH)	Nessus	Debian Local Security Checks	medium
87816	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : nss vulnerability (USN-2864-1) (SLOTH)	Nessus	Ubuntu Local Security Checks	medium
87815	Ubuntu 12.04 LTS : openssl vulnerability (USN-2863-1) (SLOTH)	Nessus	Ubuntu Local Security Checks	medium
87812	RHEL 6 / 7 : gnutls (RHSA-2016:0012) (SLOTH)	Nessus	Red Hat Local Security Checks	medium
87808	RHEL 6 / 7 : openssl (RHSA-2016:0008) (SLOTH)	Nessus	Red Hat Local Security Checks	medium
87807	RHEL 6 / 7 : nss (RHSA-2016:0007) (SLOTH)	Nessus	Red Hat Local Security Checks	medium
87800	OracleVM 3.3 : openssl (OVMSA-2016-0001) (SLOTH)	Nessus	OracleVM Local Security Checks	medium
87799	Oracle Linux 6 / 7 : gnutls (ELSA-2016-0012) (SLOTH)	Nessus	Oracle Linux Local Security Checks	medium
87795	Oracle Linux 6 / 7 : openssl (ELSA-2016-0008) (SLOTH)	Nessus	Oracle Linux Local Security Checks	medium
87794	Oracle Linux 6 / 7 : nss (ELSA-2016-0007) (SLOTH)	Nessus	Oracle Linux Local Security Checks	medium
87785	CentOS 6 / 7 : gnutls (CESA-2016:0012) (SLOTH)	Nessus	CentOS Local Security Checks	medium
87781	CentOS 6 / 7 : openssl (CESA-2016:0008) (SLOTH)	Nessus	CentOS Local Security Checks	medium
87780	CentOS 6 / 7 : nss (CESA-2016:0007) (SLOTH)	Nessus	CentOS Local Security Checks	medium
87719	openSUSE Security Update : MozillaFirefox (openSUSE-2016-6) (SLOTH)	Nessus	SuSE Local Security Checks	medium
87717	openSUSE Security Update : mozilla-nss (openSUSE-2015-978) (SLOTH)	Nessus	SuSE Local Security Checks	medium
87609	FreeBSD : NSS -- MD5 downgrade in TLS 1.2 signatures (10f7bc76-0335-4a88-b391-0b05b3a8ce1c) (SLOTH)	Nessus	FreeBSD Local Security Checks	medium

CVE-2015-7575

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0