Lucene search

[email protected]NVD:CVE-2014-1568

HistorySep 25, 2014 - 5:55 p.m.

CVE-2014-1568

2014-09-2517:55:04

CWE-310

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

5.2 Medium

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

JSON

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a “signature malleability” issue.

Affected configurations

NVD

Node

googlechromeRange≤37.0.2062.120

AND

applemac_os_x

microsoftwindows

Node

mozillafirefoxRange≤32.0

mozillafirefoxMatch32.0.1

mozillafirefoxMatch32.0.2

mozillafirefox_esrMatch24.8.0

mozillafirefox_esrMatch31.0

mozillafirefox_esrMatch31.1.0

mozillanetwork_security_servicesRange≤3.16.2.0

mozillanetwork_security_servicesMatch3.2

mozillanetwork_security_servicesMatch3.2.1

mozillanetwork_security_servicesMatch3.3

mozillanetwork_security_servicesMatch3.3.1

mozillanetwork_security_servicesMatch3.3.2

mozillanetwork_security_servicesMatch3.4

mozillanetwork_security_servicesMatch3.4.1

mozillanetwork_security_servicesMatch3.4.2

mozillanetwork_security_servicesMatch3.5

mozillanetwork_security_servicesMatch3.6

mozillanetwork_security_servicesMatch3.6.1

mozillanetwork_security_servicesMatch3.7

mozillanetwork_security_servicesMatch3.7.1

mozillanetwork_security_servicesMatch3.7.2

mozillanetwork_security_servicesMatch3.7.3

mozillanetwork_security_servicesMatch3.7.5

mozillanetwork_security_servicesMatch3.7.7

mozillanetwork_security_servicesMatch3.8

mozillanetwork_security_servicesMatch3.9

mozillanetwork_security_servicesMatch3.11.2

mozillanetwork_security_servicesMatch3.11.3

mozillanetwork_security_servicesMatch3.11.4

mozillanetwork_security_servicesMatch3.11.5

mozillanetwork_security_servicesMatch3.12

mozillanetwork_security_servicesMatch3.12.1

mozillanetwork_security_servicesMatch3.12.2

mozillanetwork_security_servicesMatch3.12.3

mozillanetwork_security_servicesMatch3.12.3.1

mozillanetwork_security_servicesMatch3.12.3.2

mozillanetwork_security_servicesMatch3.12.4

mozillanetwork_security_servicesMatch3.12.5

mozillanetwork_security_servicesMatch3.12.6

mozillanetwork_security_servicesMatch3.12.7

mozillanetwork_security_servicesMatch3.12.8

mozillanetwork_security_servicesMatch3.12.9

mozillanetwork_security_servicesMatch3.12.10

mozillanetwork_security_servicesMatch3.12.11

mozillanetwork_security_servicesMatch3.14

mozillanetwork_security_servicesMatch3.14.1

mozillanetwork_security_servicesMatch3.14.2

mozillanetwork_security_servicesMatch3.14.3

mozillanetwork_security_servicesMatch3.14.4

mozillanetwork_security_servicesMatch3.14.5

mozillanetwork_security_servicesMatch3.15

mozillanetwork_security_servicesMatch3.15.1

mozillanetwork_security_servicesMatch3.15.2

mozillanetwork_security_servicesMatch3.15.3

mozillanetwork_security_servicesMatch3.15.3.1

mozillanetwork_security_servicesMatch3.15.4

mozillanetwork_security_servicesMatch3.15.5

mozillanetwork_security_servicesMatch3.16

mozillanetwork_security_servicesMatch3.16.1

mozillanetwork_security_servicesMatch3.16.3

mozillanetwork_security_servicesMatch3.16.4

mozillaseamonkey

mozillaseamonkeyRange≤2.29-

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0beta

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.2

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.4

mozillaseamonkeyMatch1.0.5

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.7

mozillaseamonkeyMatch1.0.8

mozillaseamonkeyMatch1.0.9

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1alpha

mozillaseamonkeyMatch1.1beta

mozillaseamonkeyMatch1.1.1

mozillaseamonkeyMatch1.1.2

mozillaseamonkeyMatch1.1.3

mozillaseamonkeyMatch1.1.4

mozillaseamonkeyMatch1.1.5

mozillaseamonkeyMatch1.1.6

mozillaseamonkeyMatch1.1.7

mozillaseamonkeyMatch1.1.8

mozillaseamonkeyMatch1.1.9

mozillaseamonkeyMatch1.1.10

mozillaseamonkeyMatch1.1.11

mozillaseamonkeyMatch1.1.12

mozillaseamonkeyMatch1.1.13

mozillaseamonkeyMatch1.1.14

mozillaseamonkeyMatch1.1.15

mozillaseamonkeyMatch1.1.16

mozillaseamonkeyMatch1.1.17

mozillaseamonkeyMatch1.1.18

mozillaseamonkeyMatch1.1.19

mozillaseamonkeyMatch1.5.0.8

mozillaseamonkeyMatch1.5.0.9

mozillaseamonkeyMatch1.5.0.10

mozillaseamonkeyMatch2.0

mozillaseamonkeyMatch2.0alpha_1

mozillaseamonkeyMatch2.0alpha_2

mozillaseamonkeyMatch2.0alpha_3

mozillaseamonkeyMatch2.0beta_1

mozillaseamonkeyMatch2.0beta_2

mozillaseamonkeyMatch2.0rc1

mozillaseamonkeyMatch2.0rc2

mozillaseamonkeyMatch2.0.1

mozillaseamonkeyMatch2.0.2

mozillaseamonkeyMatch2.0.3

mozillaseamonkeyMatch2.0.4

mozillaseamonkeyMatch2.0.5

mozillaseamonkeyMatch2.0.6

mozillaseamonkeyMatch2.0.7

mozillaseamonkeyMatch2.0.8

mozillaseamonkeyMatch2.0.9

mozillaseamonkeyMatch2.0.10

mozillaseamonkeyMatch2.0.11

mozillaseamonkeyMatch2.0.12

mozillaseamonkeyMatch2.0.13

mozillaseamonkeyMatch2.0.14

mozillaseamonkeyMatch2.1

mozillaseamonkeyMatch2.1alpha1

mozillaseamonkeyMatch2.1alpha2

mozillaseamonkeyMatch2.1alpha3

mozillaseamonkeyMatch2.1beta1

mozillaseamonkeyMatch2.1beta2

mozillaseamonkeyMatch2.1beta3

mozillaseamonkeyMatch2.1rc1

mozillaseamonkeyMatch2.1rc2

mozillaseamonkeyMatch2.2

mozillaseamonkeyMatch2.2beta1

mozillaseamonkeyMatch2.2beta2

mozillaseamonkeyMatch2.2beta3

mozillaseamonkeyMatch2.10

mozillaseamonkeyMatch2.10beta1

mozillaseamonkeyMatch2.10beta2

mozillaseamonkeyMatch2.10beta3

mozillaseamonkeyMatch2.10.1

mozillaseamonkeyMatch2.11

mozillaseamonkeyMatch2.11beta1

mozillaseamonkeyMatch2.11beta2

mozillaseamonkeyMatch2.11beta3

mozillaseamonkeyMatch2.11beta4

mozillaseamonkeyMatch2.11beta5

mozillaseamonkeyMatch2.11beta6

mozillaseamonkeyMatch2.12

mozillaseamonkeyMatch2.12beta1

mozillaseamonkeyMatch2.12beta2

mozillaseamonkeyMatch2.12beta3

mozillaseamonkeyMatch2.12beta4

mozillaseamonkeyMatch2.12beta5

mozillaseamonkeyMatch2.12beta6

mozillaseamonkeyMatch2.12.1

mozillaseamonkeyMatch2.13

mozillaseamonkeyMatch2.13beta1

mozillaseamonkeyMatch2.13beta2

mozillaseamonkeyMatch2.13beta3

mozillaseamonkeyMatch2.13beta4

mozillaseamonkeyMatch2.13beta5

mozillaseamonkeyMatch2.13beta6

mozillaseamonkeyMatch2.13.1

mozillaseamonkeyMatch2.13.2

mozillaseamonkeyMatch2.14

mozillaseamonkeyMatch2.14beta1

mozillaseamonkeyMatch2.14beta2

mozillaseamonkeyMatch2.14beta3

mozillaseamonkeyMatch2.14beta4

mozillaseamonkeyMatch2.14beta5

mozillaseamonkeyMatch2.15

mozillaseamonkeyMatch2.15beta1

mozillaseamonkeyMatch2.15beta2

mozillaseamonkeyMatch2.15beta3

mozillaseamonkeyMatch2.15beta4

mozillaseamonkeyMatch2.15beta5

mozillaseamonkeyMatch2.15beta6

mozillaseamonkeyMatch2.15.1

mozillaseamonkeyMatch2.15.2

mozillaseamonkeyMatch2.16

mozillaseamonkeyMatch2.16beta1

mozillaseamonkeyMatch2.16beta2

mozillaseamonkeyMatch2.16beta3

mozillaseamonkeyMatch2.16beta4

mozillaseamonkeyMatch2.16beta5

mozillaseamonkeyMatch2.16.1

mozillaseamonkeyMatch2.16.2

mozillaseamonkeyMatch2.17

mozillaseamonkeyMatch2.17beta1

mozillaseamonkeyMatch2.17beta2

mozillaseamonkeyMatch2.17beta3

mozillaseamonkeyMatch2.17beta4

mozillaseamonkeyMatch2.17.1

mozillaseamonkeyMatch2.18beta1

mozillaseamonkeyMatch2.18beta2

mozillaseamonkeyMatch2.18beta3

mozillaseamonkeyMatch2.18beta4

mozillaseamonkeyMatch2.19

mozillaseamonkeyMatch2.19beta1

mozillaseamonkeyMatch2.19beta2

mozillaseamonkeyMatch2.20

mozillaseamonkeyMatch2.20beta1

mozillaseamonkeyMatch2.20beta2

mozillaseamonkeyMatch2.20beta3

mozillaseamonkeyMatch2.21beta1

mozillaseamonkeyMatch2.21beta2

mozillaseamonkeyMatch2.22beta1

mozillaseamonkeyMatch2.22beta2

mozillaseamonkeyMatch2.22.1

mozillaseamonkeyMatch2.23

mozillaseamonkeyMatch2.23beta1

mozillaseamonkeyMatch2.24

mozillaseamonkeyMatch2.24beta1

mozillaseamonkeyMatch2.25-

mozillaseamonkeyMatch2.25beta1

mozillaseamonkeyMatch2.25beta2

mozillaseamonkeyMatch2.25beta3

mozillaseamonkeyMatch2.26-

mozillaseamonkeyMatch2.26rc1

mozillathunderbirdRange≤24.8.0

mozillathunderbirdMatch31.0

mozillathunderbirdMatch31.1.0

mozillathunderbirdMatch31.1.1

Node

googlechromeRange≤37.0.2062.103

googlechromeMatch37.0.2062.0

googlechromeMatch37.0.2062.3

googlechromeMatch37.0.2062.20

googlechromeMatch37.0.2062.100

googlechromeMatch37.0.2062.102

AND

googlechrome_os

References

googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html

googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html

kb.juniper.net/InfoCenter/index?page=content&id=JSA10698

kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html

rhn.redhat.com/errata/RHSA-2014-1307.html

rhn.redhat.com/errata/RHSA-2014-1354.html

rhn.redhat.com/errata/RHSA-2014-1371.html

secunia.com/advisories/61540

secunia.com/advisories/61574

secunia.com/advisories/61575

secunia.com/advisories/61576

secunia.com/advisories/61583

www.debian.org/security/2014/dsa-3033

www.debian.org/security/2014/dsa-3034

www.debian.org/security/2014/dsa-3037

www.kb.cert.org/vuls/id/772676

www.mozilla.org/security/announce/2014/mfsa2014-73.html

www.novell.com/support/kb/doc.php?id=7015701

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/70116

www.ubuntu.com/usn/USN-2360-1

www.ubuntu.com/usn/USN-2360-2

www.ubuntu.com/usn/USN-2361-1

bugzilla.mozilla.org/show_bug.cgi?id=1064636

bugzilla.mozilla.org/show_bug.cgi?id=1069405

exchange.xforce.ibmcloud.com/vulnerabilities/96194

security.gentoo.org/glsa/201504-01

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

5.2 Medium

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

JSON

CVE-2014-1568

Affected configurations

References

Related