Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM0FBD75B5BFABD0D71961A989922408F7527B8313D262A8FA4D6A16BDB6C37066
HistoryJun 16, 2018 - 9:40 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Guardium Data Redaction (CVE-2015-7575)

2018-06-1621:40:07
www.ibm.com
8

EPSS

0.003

Percentile

69.2%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version1.6 that is used by IBM InfoSphere Guardium Data Redaction. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH”.

Vulnerability Details

CVEID: CVE-2015-7575**
DESCRIPTION:** The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. This vulnerability is commonly referred to as “SLOTH”.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109415 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/UI:U/C:H/I:L/A:N)

Affected Products and Versions

IBM InfoSphere Guardium Data Redaction 2.5.1

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
InfoSphere Guardium Guardium Data Redaction| 2.5.1| PSIRT 69592 | http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=Guardium_DataRedaction_2.5.1_SecurityUpdate_2016-02-19&includeSupersedes=0&source=fc

Related

nessus 39
openvas 30
ibm 94
oraclelinux 3
ubuntu 4
redhat 3
f5 2
cvelist 1
nvd 1
veracode 1
freebsd 1
ubuntucve 1
aix 1
amazon 2
centos 3
debian 4
cve 2
mozilla 1
lenovo 1
kaspersky 1
archlinux 1
prion 1
debiancve 1
gentoo 1
nessus
nessus
Debian DSA-3436-1 : openssl - security update (SLOTH)
2016-01-11 00:00:00
Oracle Linux 6 / 7 : nss (ELSA-2016-0007) (SLOTH)
2016-01-08 00:00:00
FreeBSD : NSS -- MD5 downgrade in TLS 1.2 signatures (10f7bc76-0335-4a88-b391-0b05b3a8ce1c) (SLOTH)
2015-12-29 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2865-1)
2016-01-09 00:00:00
Ubuntu: Security Advisory (USN-2863-1)
2016-01-08 00:00:00
CentOS Update for gnutls CESA-2016:0012 centos7
2016-01-08 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in IBM Java Runtime affect Rational Host On-Demand (CVE-2015-7575)
2018-08-03 04:23:43
Security Bulletin: Vulnerability in IBM Java Runtime affects IBM WebSphere MQ Internet Pass-Thru (CVE-2015-7575)
2018-06-15 07:05:05
Security Bulletin: : Vulnerability in MD5 Signature and Hash Algorithm affects IBM® SDK for Node.js™ (CVE-2015-7575)
2018-08-09 04:20:36
oraclelinux
oraclelinux
nss security update
2016-01-07 00:00:00
gnutls security update
2016-01-07 00:00:00
openssl security update
2016-01-07 00:00:00
ubuntu
ubuntu
Firefox vulnerability
2016-01-08 00:00:00
NSS vulnerability
2016-01-07 00:00:00
GnuTLS vulnerability
2016-01-08 00:00:00
redhat
redhat
(RHSA-2016:0008) Moderate: openssl security update
2016-01-07 00:00:00
(RHSA-2016:0007) Moderate: nss security update
2016-01-07 00:00:00
(RHSA-2016:0012) Moderate: gnutls security update
2016-01-07 00:00:00
f5
f5
SOL02201365 - SLOTH: TLS 1.2 handshake vulnerability CVE-2015-7575
2016-01-22 00:00:00
K02201365 : SLOTH: TLS 1.2 handshake vulnerability CVE-2015-7575
2016-01-23 00:00:00
cvelist
cvelist
CVE-2015-7575
2016-01-09 02:00:00
nvd
nvd
CVE-2015-7575
2016-01-09 02:59:10
veracode
veracode
Man-in-the-Middle (MitM)
2019-01-15 09:09:31
freebsd
freebsd
NSS -- MD5 downgrade in TLS 1.2 signatures
2015-12-22 00:00:00
ubuntucve
ubuntucve
CVE-2015-7575
2015-12-31 00:00:00
aix
aix
Vulnerability in MD5 Signature and Hash Algorithm affects OpenSSL on AIX
2016-01-29 15:43:20
amazon
amazon
Medium: nss
2016-02-09 13:30:00
Medium: gnutls
2016-02-09 13:30:00
centos
centos
openssl security update
2016-01-07 22:09:26
nss security update
2016-01-07 22:08:46
gnutls security update
2016-01-07 22:10:02
debian
debian
[SECURITY] [DSA 3436-1] openssl security update
2016-01-08 15:34:55
[SECURITY] [DSA 3436-1] openssl security update
2016-01-08 15:34:55
[SECURITY] [DSA 3437-1] gnutls26 security update
2016-01-09 12:10:21
cve
cve
CVE-2015-7575
2016-01-09 02:59:10
CVE-2016-7575
2022-10-03 16:16:27
mozilla
mozilla
MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature — Mozilla
2015-12-22 00:00:00
lenovo
lenovo
Security Losses from Obsolete and Truncated Transcript Hashes (SLOTH)
2016-08-14 00:00:00
kaspersky
kaspersky
KLA10732 Security bypass vulnerability in Mozilla Firefox and Firefox ESR
2015-12-22 00:00:00
archlinux
archlinux
mbedtls: man-in-the-middle
2016-01-25 00:00:00
prion
prion
Code injection
2016-01-09 02:59:00
debiancve
debiancve
CVE-2015-7575
2016-01-09 02:59:10
gentoo
gentoo
PolarSSL: Multiple vulnerabilities
2018-01-15 00:00:00

EPSS

0.003

Percentile

69.2%

JSON
Related for 0FBD75B5BFABD0D71961A989922408F7527B8313D262A8FA4D6A16BDB6C37066
nessus39openvas30ibm94oraclelinux3ubuntu4redhat3f52cvelist1nvd1veracode1freebsd1ubuntucve1aix1amazon2centos3debian4cve2mozilla1lenovo1kaspersky1archlinux1prion1debiancve1gentoo1