CVE-2015-2077

🗓️ 24 Feb 2015 23:59:00Reported by AttackerKBType

attackerkb

attackerkb🔗 attackerkb.com👁 4 Views

SDK reuses a root certificate private key across customers, enabling MITM SSL spoofing.

Reporter	Title	Published	Views	Family All 12
Tenable Nessus	Komodia SSL Digestor SDK MitM (Detected via DNS Query)	1 Mar 201500:00	–	nessus
Tenable Nessus	Komodia SSL Digestor SDK MitM (Detected via HTTP Request)	1 Mar 201500:00	–	nessus
Tenable Nessus	Komodia SSL Digestor Root CA Certificate Installed (Superfish)	20 Feb 201500:00	–	nessus
ATTACKERKB	CVE-2015-2078	24 Feb 201523:59	–	attackerkb
CNVD	Komodia SDK for Komodia Redirector with SSL Digestor Information Disclosure Vulnerability	28 Feb 201500:00	–	cnvd
CVE	CVE-2015-2077	24 Feb 201523:00	–	cve
Cvelist	CVE-2015-2077	24 Feb 201523:00	–	cvelist
EUVD	EUVD-2015-2188	7 Oct 202500:30	–	euvd
Kaspersky	KLA10461 Security bypass vulnerability in multiple products	24 Feb 201500:00	–	kaspersky
NVD	CVE-2015-2077	24 Feb 201523:59	–	nvd

Source	Link
kb	www.kb.cert.org/vuls/id/529496
wired	www.wired.com/2015/02/lenovo-superfish
blog	www.blog.filippo.io/komodia-superfish-ssl-validation-is-broken
facebook	www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339
blog	www.blog.filippo.io/komodia-superfish-ssl-validation-is-broken/
news	www.news.lenovo.com/article_display.cfm
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
marcrogers	www.marcrogers.org/2015/02/19/lenovo-installs-adware-on-customer-laptops-and-compromises-all-ssl/
blog	www.blog.erratasec.com/2015/02/extracting-superfish-certificate.html
securityfocus	www.securityfocus.com/bid/72693

19 Feb 2026 03:30Current

5.5Medium risk

Vulners AI Score5.5

CVSS 25

EPSS0.02084

root certificate key private key reuse man in middle secure sockets layer