Lucene search

PRIOn knowledge basePRION:CVE-2013-5606

HistoryNov 18, 2013 - 5:23 a.m.

Design/Logic Flaw

2013-11-1805:23:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.008 Low

EPSS

Percentile

81.2%

JSON

The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.

CPENameOperatorVersion
network_security_serviceseq3.15
network_security_serviceseq3.15.1
network_security_serviceseq3.15.2

Name	Operator	Version
network_security_services	eq	3.15
network_security_services	eq	3.15.1
network_security_services	eq	3.15.2

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

lists.opensuse.org/opensuse-security-announce/2013-12/msg00000.html

lists.opensuse.org/opensuse-updates/2013-11/msg00080.html

rhn.redhat.com/errata/RHSA-2013-1791.html

rhn.redhat.com/errata/RHSA-2013-1829.html

rhn.redhat.com/errata/RHSA-2014-0041.html

seclists.org/fulldisclosure/2014/Dec/23

security.gentoo.org/glsa/glsa-201406-19.xml

www.debian.org/security/2014/dsa-2994

www.mozilla.org/security/announce/2013/mfsa2013-103.html

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/archive/1/534161/100/0/threaded

www.securityfocus.com/bid/63737

www.ubuntu.com/usn/USN-2030-1

www.vmware.com/security/advisories/VMSA-2014-0012.html

bugzilla.mozilla.org/show_bug.cgi?id=910438

developer.mozilla.org/docs/NSS/NSS_3.15.3_release_notes

security.gentoo.org/glsa/201504-01

7 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.008 Low

EPSS

Percentile

81.2%

JSON

Related for PRION:CVE-2013-5606