CVE-2018-12384

MEDIUM

Description

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Details

Source: MITRE

Published: 2019-04-29

Updated: 2019-10-16

Type: CWE-254

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Tenable Plugins

View all (29 total)

ID	Name	Product	Family	Severity
127386	NewStart CGSL MAIN 4.05 : nss Vulnerability (NS-SA-2019-0131)	Nessus	NewStart CGSL Local Security Checks	medium
127200	NewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0033)	Nessus	NewStart CGSL Local Security Checks	high
124900	EulerOS Virtualization for ARM 64 3.0.1.0 : nss (EulerOS-SA-2019-1397)	Nessus	Huawei Local Security Checks	medium
123855	EulerOS Virtualization 2.5.3 : nss (EulerOS-SA-2019-1169)	Nessus	Huawei Local Security Checks	medium
123408	openSUSE Security Update : mozilla-nss (openSUSE-2019-998)	Nessus	SuSE Local Security Checks	medium
123164	openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2019-1039)	Nessus	SuSE Local Security Checks	medium
121068	Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)	Nessus	Junos Local Security Checks	high
121062	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : nss vulnerabilities (USN-3850-1)	Nessus	Ubuntu Local Security Checks	medium
120778	Fedora 29 : nspr / nss / nss-softokn / nss-util (2018-c72d2d89ec)	Nessus	Fedora Local Security Checks	medium
120262	Fedora 28 : nspr / nss / nss-softokn / nss-util (2018-1a7a5c54c2)	Nessus	Fedora Local Security Checks	medium
120193	SUSE SLED15 / SLES15 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4235-1)	Nessus	SuSE Local Security Checks	high
119948	openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2018-1618)	Nessus	SuSE Local Security Checks	low
119871	SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4236-1)	Nessus	SuSE Local Security Checks	high
119670	openSUSE Security Update : mozilla-nss (openSUSE-2018-1540)	Nessus	SuSE Local Security Checks	medium
119086	Virtuozzo 6 : nss / nss-devel / nss-pkcs11-devel / nss-sysinit / etc (VZLSA-2018-2898)	Nessus	Virtuozzo Local Security Checks	medium
118760	EulerOS 2.0 SP3 : nss (EulerOS-SA-2018-1366)	Nessus	Huawei Local Security Checks	medium
118741	EulerOS 2.0 SP2 : nss (EulerOS-SA-2018-1358)	Nessus	Huawei Local Security Checks	medium
118402	Amazon Linux 2 : nss (ALAS-2018-1095)	Nessus	Amazon Linux Local Security Checks	medium
118362	Amazon Linux AMI : nss (ALAS-2018-1095)	Nessus	Amazon Linux Local Security Checks	medium
118058	Scientific Linux Security Update : nss on SL6.x i386/x86_64 (20181009)	Nessus	Scientific Linux Local Security Checks	medium
118051	OracleVM 3.3 / 3.4 : nss (OVMSA-2018-0264)	Nessus	OracleVM Local Security Checks	medium
118030	RHEL 6 : nss (RHSA-2018:2898)	Nessus	Red Hat Local Security Checks	medium
118027	Oracle Linux 6 : nss (ELSA-2018-2898)	Nessus	Oracle Linux Local Security Checks	medium
118022	CentOS 6 : nss (CESA-2018:2898)	Nessus	CentOS Local Security Checks	medium
117832	CentOS 7 : nss (CESA-2018:2768)	Nessus	CentOS Local Security Checks	medium
117788	Scientific Linux Security Update : nss on SL7.x x86_64 (20180925)	Nessus	Scientific Linux Local Security Checks	medium
117778	RHEL 7 : nss (RHSA-2018:2768)	Nessus	Red Hat Local Security Checks	medium
117768	Oracle Linux 7 : nss (ELSA-2018-2768)	Nessus	Oracle Linux Local Security Checks	medium
117532	Fedora 27 : nspr / nss / nss-softokn / nss-util (2018-4a21a8ca59)	Nessus	Fedora Local Security Checks	medium