CVE-2015-3277
high
CVSS v3
7.5
CVSS v2
5.0
VIR risk
7.5
Description
The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring.
Predictions
Exploit likelihood
83%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mod_nss_project | mod_nss | {"endIncluding":"1.0.10"} | |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170607.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1238324
- https://bugzilla.redhat.com/show_bug.cgi?id=1243518
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170607.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1238324
- https://bugzilla.redhat.com/show_bug.cgi?id=1243518
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.