CVE-2016-8635

medium

Description

It was found that Diffie-Hellman client key exchange handling in NSS 3.21.x was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group.

References

http://rhn.redhat.com/errata/RHSA-2016-2779.html

http://www.securityfocus.com/bid/94346

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635

https://security.gentoo.org/glsa/201701-46

Details

Source: MITRE

Published: 2018-08-01

Updated: 2019-10-09

Type: CWE-320

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 100151 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss, mozilla-nspr, java-1_8_0-openjdk (SUSE-SU-2017:1248-1) | Nessus | SuSE Local Security Checks | critical |
| 99992 | SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss, mozilla-nspr (SUSE-SU-2017:1175-1) | Nessus | SuSE Local Security Checks | critical |
| 99843 | EulerOS 2.0 SP1 : nss, nss-util (EulerOS-SA-2016-1084) | Nessus | Huawei Local Security Checks | high |
| 96643 | GLSA-201701-46 : Mozilla Network Security Service (NSS): Multiple vulnerabilities (Logjam) (SLOTH) | Nessus | Gentoo Local Security Checks | high |
| 96304 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : nss vulnerabilities (USN-3163-1) | Nessus | Ubuntu Local Security Checks | high |
| 95894 | Amazon Linux AMI : nss-util / nss,nss-softokn (ALAS-2016-774) | Nessus | Amazon Linux Local Security Checks | high |
| 95052 | Scientific Linux Security Update : nss and nss-util on SL5.x, SL6.x, SL7.x i386/x86_64 (20161116) | Nessus | Scientific Linux Local Security Checks | high |
| 94981 | CentOS 5 / 6 / 7 : nss / nss-util (CESA-2016:2779) | Nessus | CentOS Local Security Checks | high |
| 94931 | OracleVM 3.2 : nss (OVMSA-2016-0160) | Nessus | OracleVM Local Security Checks | medium |
| 94930 | OracleVM 3.3 / 3.4 : nssnss-util (OVMSA-2016-0159) | Nessus | OracleVM Local Security Checks | high |
| 94927 | Oracle Linux 5 / 6 / 7 : nss / nss-util (ELSA-2016-2779) | Nessus | Oracle Linux Local Security Checks | high |
| 94912 | RHEL 5 / 6 / 7 : nss and nss-util (RHSA-2016:2779) | Nessus | Red Hat Local Security Checks | high |