Vulnerability Details : CVE-2015-2320
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.
Products affected by CVE-2015-2320
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:mono-project:mono:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-2320
5.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-2320
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2015-2320
-
The product does not validate, or incorrectly validates, a certificate.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2320
-
https://www.debian.org/security/2015/dsa-3202
Debian -- Security Information -- DSA-3202-1 monoThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2015/03/17/9
oss-security - Re: Mono TLS vulnerabilitiesMailing List;Third Party Advisory
-
http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/
TLS Vulnerabilities | MonoVendor Advisory
-
http://www.securityfocus.com/bid/73256
Mono SSLv2 Fallback CVE-2015-2320 Man in the Middle Security Bypass VulnerabilityVDB Entry;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1202869
1202869 – (CVE-2015-2318, CVE-2015-2319, CVE-2015-2320) CVE-2015-2318 CVE-2015-2319 CVE-2015-2320 mono: TLS implementation vulnerabilitiesIssue Tracking;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-2547-1
USN-2547-1: Mono vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b
Remove the client-side SSLv2 fallback. · mono/mono@b371da6 · GitHubThird Party Advisory
Jump to