CVE-2015-2320 : The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified

The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.

Published 2018-01-08 19:29:01

Updated 2018-01-30 19:21:04

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2015-2320

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Mono-project » Mono
Versions before (<) 3.12.1
cpe:2.3:a:mono-project:mono:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

5.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 89 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

Assigned by: nvd@nist.gov (Primary)

https://www.debian.org/security/2015/dsa-3202

Debian -- Security Information -- DSA-3202-1 mono
Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2015/03/17/9

oss-security - Re: Mono TLS vulnerabilities
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/

TLS Vulnerabilities | Mono
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/73256

Mono SSLv2 Fallback CVE-2015-2320 Man in the Middle Security Bypass Vulnerability
VDB Entry;Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1202869

1202869 – (CVE-2015-2318, CVE-2015-2319, CVE-2015-2320) CVE-2015-2318 CVE-2015-2319 CVE-2015-2320 mono: TLS implementation vulnerabilities
Issue Tracking;Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2547-1

USN-2547-1: Mono vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b

Remove the client-side SSLv2 fallback. · mono/mono@b371da6 · GitHub
Third Party Advisory

Jump to