6 matches found
K41738501: Mozilla NSS vulnerability CVE-2018-12384
Security Advisory Description When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not...
CVE-2018-12384
A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack...
NewStart CGSL MAIN 4.05 : nss Vulnerability (NS-SA-2019-0131)
The remote NewStart CGSL host, running version MAIN 4.05, has nss packages installed that are affected by a vulnerability: - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this fla...
Amazon Linux 2 : nss (ALAS-2018-1095)
A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack.CVE-2018-12384 C Tenable Network Security, Inc. The descriptive text and package checks in this...
Amazon Linux AMI : nss (ALAS-2018-1095)
A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack.CVE-2018-12384 C Tenable Network Security, Inc. The descriptive text and package checks in this...
nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello
A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack...