Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1007-1
HistoryOct 20, 2010 - 12:00 a.m.

NSS vulnerabilities

2010-10-2000:00:00
ubuntu.com
57

9.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.5%

JSON

Releases

  • Ubuntu 10.10
  • Ubuntu 10.04
  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.04

Packages

  • nspr - NetScape Portable Runtime Library
  • nss - Network Security Service libraries

Details

Richard Moore discovered that NSS would sometimes incorrectly match an SSL
certificate which had a Common Name that used a wildcard followed by a partial
IP address. While it is very unlikely that a Certificate Authority would issue
such a certificate, if an attacker were able to perform a machine-in-the-middle
attack, this flaw could be exploited to view sensitive information.
(CVE-2010-3170)

Nelson Bolyard discovered a weakness in the Diffie-Hellman Ephemeral mode
(DHE) key exchange implementation which allowed servers to use a too small
key length. (CVE-2010-3173)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchlibnss3-1d< 3.12.8-0ubuntu0.9.10.1UNKNOWN
Ubuntu9.10noarchlibnss3-0d< 3.12.8-0ubuntu0.9.10.1UNKNOWN
Ubuntu9.10noarchlibnss3-1d-dbg< 3.12.8-0ubuntu0.9.10.1UNKNOWN
Ubuntu9.10noarchlibnss3-dev< 3.12.8-0ubuntu0.9.10.1UNKNOWN
Ubuntu9.10noarchlibnss3-tools< 3.12.8-0ubuntu0.9.10.1UNKNOWN
Ubuntu9.04noarchlibnss3-1d< 3.12.8-0ubuntu0.9.04.1UNKNOWN
Ubuntu9.04noarchlibnss3-0d< 3.12.8-0ubuntu0.9.04.1UNKNOWN
Ubuntu9.04noarchlibnss3-1d-dbg< 3.12.8-0ubuntu0.9.04.1UNKNOWN
Ubuntu9.04noarchlibnss3-dev< 3.12.8-0ubuntu0.9.04.1UNKNOWN
Ubuntu9.04noarchlibnss3-tools< 3.12.8-0ubuntu0.9.04.1UNKNOWN
Rows per page:
1-10 of 251

Related

osv 1
debian 3
nessus 48
openvas 49
fedora 9
prion 2
ubuntucve 2
oraclelinux 3
debiancve 2
cve 2
redhat 3
veracode 2
securityvulns 3
mozilla 2
centos 2
freebsd 1
suse 2
vmware 2
gentoo 1
osv
osv
nss - cryptographic weaknesses
2010-11-01 00:00:00
debian
debian
BSA-009 Security Update for nss
2010-11-02 15:06:03
[SECURITY] [DSA 2123-1] New NSS packages fix cryptographic weaknesses
2010-11-01 19:45:41
BSA-009 Security Update for nss
2010-11-02 19:04:18
nessus
nessus
Debian DSA-2123-1 : nss - several vulnerabilities
2010-11-03 00:00:00
Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : nss vulnerabilities (USN-1007-1)
2010-10-21 00:00:00
Fedora 12 : nss-3.12.8-2.fc12 / nss-softokn-3.12.8-1.fc12 / nss-util-3.12.8-1.fc12 (2010-15989)
2010-11-05 00:00:00
openvas
openvas
Ubuntu Update for nss vulnerabilities USN-1007-1
2010-10-22 00:00:00
Debian Security Advisory DSA 2123-1 (nss)
2010-11-17 00:00:00
Debian Security Advisory DSA 2123-1 (nss)
2010-11-17 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: nss-softokn-3.12.8-1.fc14
2010-10-28 05:48:31
[SECURITY] Fedora 14 Update: nss-3.12.8-2.fc14
2010-10-28 05:48:31
[SECURITY] Fedora 13 Update: nss-3.12.8-2.fc13
2010-10-27 22:30:59
prion
prion
Design/Logic Flaw
2010-10-21 19:00:00
Design/Logic Flaw
2010-10-21 19:00:00
ubuntucve
ubuntucve
CVE-2010-3173
2010-10-20 00:00:00
CVE-2010-3170
2010-10-20 00:00:00
oraclelinux
oraclelinux
nss security update
2011-02-11 00:00:00
seamonkey security update
2010-10-20 00:00:00
firefox security update
2010-10-20 00:00:00
debiancve
debiancve
CVE-2010-3170
2010-10-21 19:00:00
CVE-2010-3173
2010-10-21 19:00:00
cve
cve
CVE-2010-3173
2010-10-21 19:00:00
CVE-2010-3170
2010-10-21 19:00:00
redhat
redhat
(RHSA-2010:0862) Low: nss security update
2010-11-10 00:00:00
(RHSA-2010:0781) Critical: seamonkey security update
2010-10-19 00:00:00
(RHSA-2010:0782) Critical: firefox security update
2010-10-19 00:00:00
veracode
veracode
Insecure TLS Configuration
2020-04-10 00:53:00
Man-in-the-Middle (MitM)
2020-04-10 00:53:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-72
2010-10-23 00:00:00
Mozilla Foundation Security Advisory 2010-70
2010-10-23 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey / NSS multiple security vulnerabilities
2010-10-23 00:00:00
mozilla
mozilla
Insecure Diffie-Hellman key exchange — Mozilla
2010-10-19 00:00:00
SSL wildcard certificate matching IP addresses — Mozilla
2010-10-19 00:00:00
centos
centos
seamonkey security update
2010-10-25 12:12:58
firefox, nss, xulrunner security update
2010-10-20 14:29:05
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-10-19 00:00:00
suse
suse
remote code execution in MozillaFirefox,seamonkey,MozillaThunderbird
2010-11-08 11:27:17
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
vmware
vmware
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

9.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.5%

JSON
Related for USN-1007-1
osv1debian3nessus48openvas49fedora9prion2ubuntucve2oraclelinux3debiancve2cve2redhat3veracode2securityvulns3mozilla2centos2freebsd1suse2vmware2gentoo1