CVE-2015-2318

Published: Jan 8, 2018

Modified: Aug 6, 2024

PUBLISHED

Description

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

USN-2547-1

vendor-advisory

x_refsource_UBUNTU

https://mitls.org/pages/attacks/SMACK#skip

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1202869

x_refsource_CONFIRM

73253

vdb-entry

x_refsource_BID

[oss-security] 20150317 Re: Mono TLS vulnerabilities

mailing-list

x_refsource_MLIST

http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/

x_refsource_CONFIRM

DSA-3202

vendor-advisory

x_refsource_DEBIAN

https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-2318

Description

Affected Products

References