CVE-2015-8960

high

Published 2016-09-21 · Modified 2026-05-06

CVSS v3

8.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

6.8

VIR risk

8.1

Description

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.

Predictions

Exploit likelihood

88%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://www.usenix.org/system/files/conference/woot15/woot15-paper-hlauschek.pdf

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2015-8960.html

OS impact

OS	Version	Status	Fixed in
sles		affected

Application impact

Vendor	Product	Versions
ietf	transport_layer_security	`{"endIncluding":"1.2"}`
apple	safari	`-`
google	chrome	`-`
microsoft	internet_explorer	`-`
mozilla	firefox	`-`
opera	opera_browser	`-`
netapp	clustered_data_ontap_antivirus_connector	`-`
netapp	data_ontap_edge	`-`
netapp	host_agent	`-`
netapp	oncommand_shift	`-`
netapp	plug-in_for_symantec_netbackup	`-`
netapp	smi-s_provider	`-`
netapp	snap_creator_framework	`-`
netapp	snapdrive	`-`
netapp	snapmanager	`-`
netapp	snapprotect	`-`
netapp	solidfire_\&_hci_management_node	`-`
netapp	system_setup	`-`

References

CWEs

CWE-295

Verify integrity in audit chain (admin only). AS-IS.