Published: 08/01/2018 Updated: 30/01/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The TLS stack in Mono prior to 3.12.1 allows remote malicious users to have unspecified impact via vectors related to client-side SSLv2 fallback.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mono-project mono
debian debian linux 7.0

Debian Bug report logs - #780751 mono: CVE-2015-2318 CVE-2015-2319 CVE-2015-2320 Package: src:mono; Maintainer for src:mono is Debian Mono Group <pkg-mono-group@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 18 Mar 2015 19:27:01 UTC Severity: grave Tags: fixed-upstream, sec ...

Several security issues were fixed in Mono ...

Researchers at INRIA and Xamarin discovered several vulnerabilities in mono, a platform for running and developing applications based on the ECMA/ISO Standards Mono's TLS stack contained several problems that hampered its capabilities: those issues could lead to client impersonation (via SKIP-TLS), SSLv2 fallback, and encryption weakening (via FRE ...

CWE-295 https://www.debian.org/security/2015/dsa-3202 https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b https://bugzilla.redhat.com/show_bug.cgi?id=1202869 http://www.ubuntu.com/usn/USN-2547-1 http://www.securityfocus.com/bid/73256 http://www.openwall.com/lists/oss-security/2015/03/17/9 http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780751 https://usn.ubuntu.com/2547-1/https://nvd.nist.gov

CVE-2015-2320

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect