CVE-2015-8960

🗓️ 21 Sep 2016 01:00:00Reported by redhatType

The TLS protocol 1.2 and earlier supports rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key

Reporter	Title	Published	Views	Family All 9
AlpineLinux	CVE-2015-8960	21 Sep 201601:00	–	alpinelinux
Broadcom	BSA-2018-620	21 Jun 201800:00	–	broadcom
CNVD	TLS protocol man-in-the-middle attack vulnerability (CNVD-2016-08101)	22 Sep 201600:00	–	cnvd
Cvelist	CVE-2015-8960	21 Sep 201601:00	–	cvelist
EUVD	EUVD-2015-8816	7 Oct 202500:30	–	euvd
NVD	CVE-2015-8960	21 Sep 201602:59	–	nvd
Prion	Design/Logic Flaw	21 Sep 201602:59	–	prion
Positive Technologies	PT-2016-4072	21 Sep 201600:00	–	ptsecurity
SUSE CVE	SUSE CVE-2015-8960	15 Feb 202305:10	–	susecve

NVD

Node

ietf transport_layer_securityRange≤1.2

AND

apple safariMatch-

google chromeMatch-

microsoft internet_explorerMatch-

mozilla firefoxMatch-

opera opera_browserMatch-

Node

netapp clustered_data_ontap_antivirus_connectorMatch-

netapp data_ontap_edgeMatch-

netapp host_agentMatch-

netapp oncommand_shiftMatch-

netapp plug-in_for_symantec_netbackupMatch-

netapp smi-s_providerMatch-

netapp snap_creator_frameworkMatch-

netapp snapdriveMatch-unix

netapp snapdriveMatch-windows

netapp snapmanagerMatch-oracle

netapp snapmanagerMatch-sap

netapp snapprotectMatch-

netapp solidfire_&_hci_management_nodeMatch-

netapp system_setupMatch-

Source	Link
twitter	www.twitter.com/matthew_d_green/statuses/630908726950674433
security	www.security.netapp.com/advisory/ntap-20180626-0002/
securityfocus	www.securityfocus.com/bid/93071
kcitls	www.kcitls.org/
usenix	www.usenix.org/system/files/conference/woot15/woot15-paper-hlauschek.pdf
openwall	www.openwall.com/lists/oss-security/2016/09/20/4

06 May 2026 22:30Current

7.8High risk

Vulners AI Score7.8

CVSS 26.8

CVSS 3.18.1

EPSS0.00327

CWE-295