CVE-2015-6112

Published: 11/11/2015 Updated: 16/05/2019
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 lacks the required extended master-secret binding support to ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "Schannel TLS Triple Handshake Vulnerability."

Vulnerable Product

microsoft windows rt -

microsoft windows server 2008 r2

microsoft windows server 2008 -

microsoft windows vista -

microsoft windows server 2012 r2

microsoft windows server 2012 -

microsoft windows 8 -

microsoft windows 8.1 -

microsoft windows rt 8.1 -

microsoft windows 7 -

Github Repositories

Detection for RFC7627 Support (TLS Extended Master Secret Extension)

TLS Extended Master Secret Extension Checker. This script is designed for detection of servers without support for RFC7627 and therefore potentially vulnerable to the TLS Triple Handshake Attack (CVE-2015-6112). It attempts to negotiate using each relevant protocol version (TLSv1, TLSv11, and TLSv12) advertising a comprehensive set of ciphers and the TLS Extended Master S