ID CVE-2018-12384
Summary When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:network_security_services:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.17:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.17.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.17.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.17.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.17.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.17.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.18:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.18:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.18.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.19.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.19.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.19.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.19.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.19.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.19.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.20:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.20:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.20.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.21:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.21:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.21.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.21.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.21.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.21.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.21.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.21.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.21.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.22:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.22:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.22.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.22.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.22.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.22.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.23:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.23:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.24:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.24:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.25:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.25:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.25.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.25.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.25.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.26:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.26:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.26.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.26.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.26.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.26.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.27:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.27:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.27.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.27.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.27.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.27.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.27.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.27.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.28:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.28:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.28.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.28.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.28.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.28.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.28.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.28.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.28.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.28.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.28.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.28.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.28.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.28.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.29:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.29:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.29.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.29.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.29.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.29.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.29.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.29.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.29.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.29.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.30:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.30:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.30.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.30.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.30.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.30.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.31:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.31:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.31.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.31.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.32:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.32:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.33:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.33:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.34:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.34:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.34.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.34.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.35:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.35:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.36:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.36:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.36.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.36.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.36.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.36.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.36.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.36.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.37:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.37:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.37.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.37.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.37.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.37.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.38:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.38:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-335
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
redhat via4
advisories
  • bugzilla
    id 1622089
    title CVE-2018-12384 nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment nss is earlier than 0:3.36.0-7.el7_5
            oval oval:com.redhat.rhsa:tst:20182768001
          • comment nss is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364006
        • AND
          • comment nss-devel is earlier than 0:3.36.0-7.el7_5
            oval oval:com.redhat.rhsa:tst:20182768003
          • comment nss-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364008
        • AND
          • comment nss-pkcs11-devel is earlier than 0:3.36.0-7.el7_5
            oval oval:com.redhat.rhsa:tst:20182768005
          • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364010
        • AND
          • comment nss-sysinit is earlier than 0:3.36.0-7.el7_5
            oval oval:com.redhat.rhsa:tst:20182768007
          • comment nss-sysinit is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364012
        • AND
          • comment nss-tools is earlier than 0:3.36.0-7.el7_5
            oval oval:com.redhat.rhsa:tst:20182768009
          • comment nss-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364014
    rhsa
    id RHSA-2018:2768
    released 2018-09-25
    severity Moderate
    title RHSA-2018:2768: nss security update (Moderate)
  • bugzilla
    id 1622089
    title CVE-2018-12384 nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment nss is earlier than 0:3.36.0-9.el6_10
            oval oval:com.redhat.rhsa:tst:20182898001
          • comment nss is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364006
        • AND
          • comment nss-devel is earlier than 0:3.36.0-9.el6_10
            oval oval:com.redhat.rhsa:tst:20182898003
          • comment nss-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364008
        • AND
          • comment nss-pkcs11-devel is earlier than 0:3.36.0-9.el6_10
            oval oval:com.redhat.rhsa:tst:20182898005
          • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364010
        • AND
          • comment nss-sysinit is earlier than 0:3.36.0-9.el6_10
            oval oval:com.redhat.rhsa:tst:20182898007
          • comment nss-sysinit is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364012
        • AND
          • comment nss-tools is earlier than 0:3.36.0-9.el6_10
            oval oval:com.redhat.rhsa:tst:20182898009
          • comment nss-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20150364014
    rhsa
    id RHSA-2018:2898
    released 2018-10-09
    severity Moderate
    title RHSA-2018:2898: nss security update (Moderate)
rpms
  • nss-0:3.36.0-7.el7_5
  • nss-debuginfo-0:3.36.0-7.el7_5
  • nss-devel-0:3.36.0-7.el7_5
  • nss-pkcs11-devel-0:3.36.0-7.el7_5
  • nss-sysinit-0:3.36.0-7.el7_5
  • nss-tools-0:3.36.0-7.el7_5
  • nss-0:3.36.0-9.el6_10
  • nss-debuginfo-0:3.36.0-9.el6_10
  • nss-devel-0:3.36.0-9.el6_10
  • nss-pkcs11-devel-0:3.36.0-9.el6_10
  • nss-sysinit-0:3.36.0-9.el6_10
  • nss-tools-0:3.36.0-9.el6_10
refmap via4
confirm https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384
misc https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Last major update 24-08-2020 - 17:37
Published 29-04-2019 - 15:29
Last modified 24-08-2020 - 17:37
Back to Top