Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-1491

Опубликовано: 04 фев. 2014
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.

It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7nssNot affected
Red Hat Enterprise Linux 5nssFixedRHSA-2014:124616.09.2014
Red Hat Enterprise Linux 6nsprFixedRHSA-2014:091722.07.2014
Red Hat Enterprise Linux 6nssFixedRHSA-2014:091722.07.2014
Red Hat Enterprise Linux 6nss-utilFixedRHSA-2014:091722.07.2014
RHEV 3.X Hypervisor and Agents for RHEL-6rhev-hypervisor6FixedRHSA-2014:097929.07.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-358
https://bugzilla.redhat.com/show_bug.cgi?id=1060955nss: Do not allow p-1 as a public DH value (MFSA 2014-12)

EPSS

Процентиль: 69%
0.00607
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-1491

ubuntu
больше 11 лет назад

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.

nvd логотип

CVE-2014-1491

nvd
больше 11 лет назад

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.

debian логотип

CVE-2014-1491

debian
больше 11 лет назад

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozi ...

github логотип

GHSA-v496-3mj8-fpc6

github
больше 3 лет назад

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.

oracle-oval логотип

ELSA-2014-1246

oracle-oval
почти 11 лет назад

ELSA-2014-1246: nss and nspr security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 69%
0.00607
Низкий

4.3 Medium

CVSS2