Published: 08/01/2018 Updated: 30/01/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The TLS stack in Mono prior to 3.12.1 makes it easier for remote malicious users to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mono-project mono

Debian Bug report logs - #780751 mono: CVE-2015-2318 CVE-2015-2319 CVE-2015-2320 Package: src:mono; Maintainer for src:mono is Debian Mono Group <pkg-mono-group@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 18 Mar 2015 19:27:01 UTC Severity: grave Tags: fixed-upstream, sec ...

Several security issues were fixed in Mono ...

Researchers at INRIA and Xamarin discovered several vulnerabilities in mono, a platform for running and developing applications based on the ECMA/ISO Standards Mono's TLS stack contained several problems that hampered its capabilities: those issues could lead to client impersonation (via SKIP-TLS), SSLv2 fallback, and encryption weakening (via FRE ...

CWE-295 https://www.debian.org/security/2015/dsa-3202 https://mitls.org/pages/attacks/SMACK#freak https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10 https://bugzilla.redhat.com/show_bug.cgi?id=1202869 http://www.ubuntu.com/usn/USN-2547-1 http://www.securityfocus.com/bid/73250 http://www.openwall.com/lists/oss-security/2015/03/17/9 http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780751 https://usn.ubuntu.com/2547-1/https://nvd.nist.gov

CVE-2015-2319

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect