Lucene search

Alpine Linux Development TeamALPINE:CVE-2015-8960

HistorySep 21, 2016 - 2:59 a.m.

CVE-2015-8960

2016-09-2102:59:00

Alpine Linux Development Team

security.alpinelinux.org

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

79.3%

JSON

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the “Key Compromise Impersonation (KCI)” issue.

OSVersionArchitecturePackageVersionFilename
Alpine3.14-communitynoarchfirefox= 89.0.1-r0UNKNOWN
Alpine3.15-communitynoarchfirefox= 94.0-r0UNKNOWN
Alpine3.16-communitynoarchfirefox= 101.0.1-r0UNKNOWN
Alpine3.17-communitynoarchfirefox= 109.0.1-r0UNKNOWN
Alpine3.18-communitynoarchfirefox= 119.0-r0UNKNOWN
Alpine3.19-communitynoarchfirefox= 125.0.3-r0UNKNOWN
Alpine3.20-communitynoarchfirefox= 126.0.1-r0UNKNOWN
Alpineedge-communitynoarchfirefox= 127.0.2-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	3.14-community	noarch	firefox	= 89.0.1-r0	UNKNOWN
Alpine	3.15-community	noarch	firefox	= 94.0-r0	UNKNOWN
Alpine	3.16-community	noarch	firefox	= 101.0.1-r0	UNKNOWN
Alpine	3.17-community	noarch	firefox	= 109.0.1-r0	UNKNOWN
Alpine	3.18-community	noarch	firefox	= 119.0-r0	UNKNOWN
Alpine	3.19-community	noarch	firefox	= 125.0.3-r0	UNKNOWN
Alpine	3.20-community	noarch	firefox	= 126.0.1-r0	UNKNOWN
Alpine	edge-community	noarch	firefox	= 127.0.2-r0	UNKNOWN

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

79.3%

JSON

Related for ALPINE:CVE-2015-8960