
CVE-2015-2318

Published: 08/01/2018 Updated: 30/01/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The TLS stack in Mono prior to 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.

Vulnerable Product

mono-project mono

debian debian linux 6.0

Vendor Advisories

Debian Bug report logs - #780751 mono: CVE-2015-2318 CVE-2015-2319 CVE-2015-2320. Package: src:mono; Maintainer for src:mono is Debian Mono Group <pkg-mono-group@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 18 Mar 2015 19:27:01 UTC; Severity: grave; Tags: fixed-upstream, sec ...
Several security issues were fixed in Mono ...
Researchers at INRIA and Xamarin discovered several vulnerabilities in mono, a platform for running and developing applications based on the ECMA/ISO Standards. Mono's TLS stack contained several problems that hampered its capabilities: those issues could lead to client impersonation (via SKIP-TLS), SSLv2 fallback, and encryption weakening (via FRE ...