Lucene search

Veracode Vulnerability DatabaseVERACODE:23695

HistoryApr 10, 2020 - 12:33 a.m.

Spoofing Attack

2020-04-1000:33:40

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

nspr is vulnerable to spoofing attacks. Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default.

CPENameOperatorVersion
nsseq3.11.99.5__3.el4
nsseq3.11.5__3.el5
nsseq3.12.2.0__3.el4
nsseq3.12.1.1__3.el4
nsseq3.11.7__1.3.el5
nsseq3.12.1.1__1.el5
nsseq3.11.99.5__2.el5
nsseq3.12.1.1__1.el4
nsseq3.12.0.3__1.el5
nsseq3.12.2.0__1.el4

Name	Operator	Version
nss	eq	3.11.99.5__3.el4
nss	eq	3.11.5__3.el5
nss	eq	3.12.2.0__3.el4
nss	eq	3.12.1.1__3.el4
nss	eq	3.11.7__1.3.el5
nss	eq	3.12.1.1__1.el5
nss	eq	3.11.99.5__2.el5
nss	eq	3.12.1.1__1.el4
nss	eq	3.12.0.3__1.el5
nss	eq	3.12.2.0__1.el4

Rows per page:

1-10 of 1161

References

java.sun.com/j2se/1.5.0/ReleaseNotes.html

java.sun.com/javase/6/webnotes/6u17.html

lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

secunia.com/advisories/36139

secunia.com/advisories/36157

secunia.com/advisories/36434

secunia.com/advisories/36669

secunia.com/advisories/36739

secunia.com/advisories/37386

secunia.com/advisories/42467

security.gentoo.org/glsa/glsa-200911-02.xml

security.gentoo.org/glsa/glsa-200912-01.xml

support.apple.com/kb/HT3937

www.debian.org/security/2009/dsa-1874

www.mandriva.com/security/advisories?name=MDVSA-2009:197

www.mandriva.com/security/advisories?name=MDVSA-2009:216

www.mandriva.com/security/advisories?name=MDVSA-2009:258

www.mandriva.com/security/advisories?name=MDVSA-2010:084

www.redhat.com/security/updates/classification/#critical

www.redhat.com/support/errata/RHSA-2009-1207.html

www.redhat.com/support/errata/RHSA-2009-1432.html

www.securityfocus.com/archive/1/515055/100/0/threaded

www.securitytracker.com/id?1022631

www.ubuntu.com/usn/usn-810-1

www.vmware.com/security/advisories/VMSA-2010-0019.html

www.vupen.com/english/advisories/2009/2085

www.vupen.com/english/advisories/2009/3184

www.vupen.com/english/advisories/2010/3126

access.redhat.com/errata/RHSA-2009:1184

bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409

lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html

lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594

rhn.redhat.com/errata/RHSA-2010-0095.html

usn.ubuntu.com/810-2/

www.debian.org/security/2009/dsa-1888

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:23695