CVE-2015-2318
Description
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a SMACK SKIP-TLS issue.
Risk Information
Base Score
8.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.29
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Mono is a platform for running and developing applications (USN-2547-1) mono-runtime_2.10.8.1-1ubuntu2.3_i386.deb | Linux |
| Mono is a platform for running and developing applications (USN-2547-1) mono-runtime_2.10.8.1-1ubuntu2.3_amd64.deb | Linux |
| Mono is a platform for running and developing applications (USN-2547-1) mono-runtime_3.2.8+dfsg-4ubuntu1.1_i386.deb | Linux |
| Mono is a platform for running and developing applications (USN-2547-1) mono-runtime_3.2.8+dfsg-4ubuntu1.1_amd64.deb | Linux |
| Mono is a platform for running and developing applications (USN-2547-1) libmono-2.0-1_2.10.8.1-1ubuntu2.3_i386.deb | Linux |
| Mono is a platform for running and developing applications (USN-2547-1) libmono-2.0-1_2.10.8.1-1ubuntu2.3_amd64.deb | Linux |
| Mono is a platform for running and developing applications (USN-2547-1) libmono-2.0-1_3.2.8+dfsg-4ubuntu1.1_i386.deb | Linux |
| Mono is a platform for running and developing applications (USN-2547-1) libmono-2.0-1_3.2.8+dfsg-4ubuntu1.1_amd64.deb | Linux |
| Mono-complete 3.2.8 dfsg-4ubuntu1.1 for Ubuntu 14.04 LTS (x64) mono-complete_3.2.8+dfsg-4ubuntu1.1_amd64.deb | Linux |
| Mono-complete 3.2.8 dfsg-4ubuntu1.1 for Ubuntu 14.04 LTS mono-complete_3.2.8+dfsg-4ubuntu1.1_i386.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234