Описание
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | nss | Out of support scope | ||
| Red Hat Enterprise Linux 6 | nss | Out of support scope | ||
| Red Hat Enterprise Linux 7 | nspr | Fixed | RHSA-2020:4076 | 29.09.2020 |
| Red Hat Enterprise Linux 7 | nss | Fixed | RHSA-2020:4076 | 29.09.2020 |
| Red Hat Enterprise Linux 7 | nss-softokn | Fixed | RHSA-2020:4076 | 29.09.2020 |
| Red Hat Enterprise Linux 7 | nss-util | Fixed | RHSA-2020:4076 | 29.09.2020 |
| Red Hat Enterprise Linux 8 | nspr | Fixed | RHSA-2019:1951 | 30.07.2019 |
| Red Hat Enterprise Linux 8 | nss | Fixed | RHSA-2019:1951 | 30.07.2019 |
| Red Hat OpenShift Do | openshiftdo/odo-init-image-rhel7 | Fixed | RHSA-2021:0949 | 22.03.2021 |
Показывать по
Дополнительная информация
Статус:
3.4 Low
CVSS3
Связанные уязвимости
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.
A vulnerability exists where it possible to force Network Security Ser ...
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.
Уязвимость браузера Firefox, связанная с ошибкой службы сетевой безопасности CertificateVerify, позволяющая нарушителю оказать воздействие на целостность данных
3.4 Low
CVSS3