Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the “FREAK” issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.

References

lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

lists.apple.com/archives/security-announce/2015/Mar/msg00000.html

lists.apple.com/archives/security-announce/2015/Mar/msg00001.html

lists.apple.com/archives/security-announce/2015/Mar/msg00002.html

www.securityfocus.com/bid/73009

www.securitytracker.com/id/1031829

www.securitytracker.com/id/1031830

freakattack.com/

support.apple.com/HT204413

support.apple.com/HT204423

support.apple.com/HT204426

support.apple.com/HT204659

support.apple.com/kb/HT204870

cvelist 5

f5 4

cve 7

nvd 7

prion 6

checkpoint_advisories 2

nessus 44

openvas 23

thn 3

threatpost 1

kaspersky 1

cisa 1

cisco 1

ibm 69

hackerone 1

debiancve 2

checkpoint_security 1

cert 1

fortinet 1

openssl 1

veracode 1

ubuntucve 2

securityvulns 7

osv 1

kitploit 1

debian 1

oraclelinux 2

redhat 1

aix 1

centos 1

cvelist

CVE-2015-1637

2015-03-06 17:00:00

CVE-2015-0204

2015-01-09 02:00:00

CVE-2015-0535

2015-08-20 10:00:00

SOL16903 - Microsoft Schannel vulnerability CVE-2015-1637

2015-07-13 00:00:00

K16903 : Microsoft Schannel vulnerability CVE-2015-1637

2015-07-13 00:00:00

K16139 : OpenSSL vulnerability CVE-2015-0204

2015-10-02 00:00:00

cve

CVE-2015-1637

2015-03-06 17:59:00

CVE-2015-1067

2015-03-11 01:59:00

CVE-2015-0204

2015-01-09 02:59:10

nvd

CVE-2015-1637

2015-03-06 17:59:00

CVE-2015-1067

2015-03-11 01:59:00

CVE-2015-0204

2015-01-09 02:59:10

prion

Design/Logic Flaw

2015-03-11 01:59:00

Design/Logic Flaw

2015-03-06 17:59:00

Code injection

2015-01-09 02:59:00

checkpoint_advisories

SSL Export Cipher Suite (CVE-2015-0204; CVE-2015-1637)

2015-03-04 00:00:00

OpenSSL TLS Export Cipher Suite Downgrade (CVE-2015-0204; CVE-2015-1637)

2015-03-04 00:00:00

nessus

Lexmark Printer config.html Administrator Authentication Bypass (FREAK)

2015-10-19 00:00:00

MS15-031: Vulnerability in Schannel Could Allow Security Feature Bypass (3046049) (FREAK)

2015-03-10 00:00:00

MS KB3046015: Vulnerability in Schannel Could Allow Security Feature Bypass (FREAK)

2015-03-05 00:00:00

openvas

Microsoft Schannel Security Feature Bypass Vulnerability (3046049)

2015-03-11 00:00:00

SSL/TLS: RSA Temporary Key Handling 'RSA_EXPORT' Downgrade Issue (FREAK)

2015-03-06 00:00:00

DTLS: Deprecated DTLSv1.0 Detection

2024-01-09 00:00:00

thn

Microsoft: All Windows versions Vulnerable to FREAK Vulnerability

2015-03-05 21:01:00

'FREAK' — New SSL/TLS Vulnerability Explained

2015-03-03 20:30:00

OpenSSL to Patch Undisclosed High Severity Vulnerability this Thursday

2015-07-06 22:12:00

threatpost

Microsoft Schannel Vulnerable to FREAK

2015-03-05 16:19:27

kaspersky

KLA10459 Security bypass vulnerability in Microsoft Windows

2015-03-10 00:00:00

cisa

FREAK

2015-03-06 00:00:00

cisco

OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability

2015-01-13 19:57:19

ibm

Security Bulletin: OpenSSL vulnerabilities for Rational Automation Framework Security Advisory (CVE-2015-0204)

2018-06-17 05:01:24

Security Bulletin: Vulnerability in OpenSSL affects IBM XIV Storage System Gen3 and Gen2 (CVE-2015-0204)

2018-06-18 00:09:22

Security Bulletin: FREAK vulnerability in TLS/SSL affects IBM CICS Transaction Gateway (CVE-2015-0204)

2018-06-15 07:02:44

hackerone

Internet Bug Bounty: FREAK: Factoring RSA_EXPORT Keys to Impersonate TLS Servers

2015-03-05 16:18:06

debiancve

CVE-2015-0204

2015-01-09 02:59:10

CVE-2015-2319

2018-01-08 19:29:00

checkpoint_security

Check Point response to TLS FREAK Attack (CVE-2015-0204)

2015-03-03 22:00:00

cert

SSL/TLS implementations accept export-grade RSA keys (FREAK attack)

2015-03-06 00:00:00

fortinet

TLS FREAK Attack

2015-03-04 00:00:00

openssl

Vulnerability in OpenSSL CVE-2015-0204

2015-01-06 00:00:00

veracode

Brute Force Decryption

2017-02-10 01:27:34

ubuntucve

CVE-2015-0204

2015-01-08 00:00:00

CVE-2015-2319

2015-03-18 00:00:00

securityvulns

Apple TV multiple security vulnerabilities

2015-03-16 00:00:00

APPLE-SA-2015-03-09-2 AppleTV 7.1

2015-03-16 00:00:00

APPLE-SA-2015-03-09-3 Security Update 2015-002

2015-03-16 00:00:00

osv

openssl - security update

2015-01-11 00:00:00

kitploit

A2SV - Auto Scanning to SSL Vulnerability

2016-08-06 14:46:00

debian

[SECURITY] [DLA 132-1] openssl security update

2015-01-11 13:16:17

oraclelinux

openssl security update

2015-02-26 00:00:00

openssl security update

2015-01-20 00:00:00

redhat

(RHSA-2015:0066) Moderate: openssl security update

2015-01-20 00:00:00

aix

Multiple Security vulnerabilities in AIX OpenSSL

2015-02-04 06:24:41

centos

openssl security update

2015-01-20 21:00:39

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

6.1

Confidence

Low

EPSS

0.963

Percentile

99.6%

JSON

Related for CVELIST:CVE-2015-1067