ID CVE-2018-12384
Summary When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:network_security_services:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.11.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.11.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.15.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.15.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.16.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.16.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.17:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.17.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.17.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.17.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.17.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.17.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.18:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.18:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.18.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.19.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.19.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.19.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.19.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.19.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.19.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.20:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.20:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.20.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.21:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.21:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.21.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.21.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.21.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.21.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.21.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.21.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.21.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.22:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.22:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.22.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.22.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.22.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.22.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.23:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.23:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.24:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.24:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.25:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.25:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.25.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.25.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.25.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.26:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.26:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.26.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.26.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.26.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.26.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.27:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.27:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.27.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.27.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.27.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.27.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.27.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.27.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.28:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.28:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.28.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.28.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.28.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.28.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.28.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.28.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.28.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.28.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.28.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.28.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.28.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.28.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.29:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.29:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.29.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.29.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.29.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.29.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.29.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.29.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.29.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.29.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.30:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.30:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.30.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.30.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.30.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.30.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.31:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.31:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.31.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.31.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.32:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.32:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.33:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.33:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.34:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.34:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.34.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.34.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.35:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.35:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.36:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.36:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.36.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.36.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.36.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.36.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.36.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.36.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.37:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.37:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.37.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.37.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.37.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.37.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.38:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.38:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 16-10-2019 - 18:15)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
redhat via4
advisories
  • bugzilla
    id 1622089
    title CVE-2018-12384 nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment nss is earlier than 0:3.36.0-7.el7_5
          oval oval:com.redhat.rhsa:tst:20182768005
        • comment nss is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364010
      • AND
        • comment nss-devel is earlier than 0:3.36.0-7.el7_5
          oval oval:com.redhat.rhsa:tst:20182768011
        • comment nss-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364016
      • AND
        • comment nss-pkcs11-devel is earlier than 0:3.36.0-7.el7_5
          oval oval:com.redhat.rhsa:tst:20182768013
        • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364018
      • AND
        • comment nss-sysinit is earlier than 0:3.36.0-7.el7_5
          oval oval:com.redhat.rhsa:tst:20182768009
        • comment nss-sysinit is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364014
      • AND
        • comment nss-tools is earlier than 0:3.36.0-7.el7_5
          oval oval:com.redhat.rhsa:tst:20182768007
        • comment nss-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364012
    rhsa
    id RHSA-2018:2768
    released 2018-09-25
    severity Moderate
    title RHSA-2018:2768: nss security update (Moderate)
  • bugzilla
    id 1622089
    title CVE-2018-12384 nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment nss is earlier than 0:3.36.0-9.el6_10
          oval oval:com.redhat.rhsa:tst:20182898011
        • comment nss is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364010
      • AND
        • comment nss-devel is earlier than 0:3.36.0-9.el6_10
          oval oval:com.redhat.rhsa:tst:20182898005
        • comment nss-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364016
      • AND
        • comment nss-pkcs11-devel is earlier than 0:3.36.0-9.el6_10
          oval oval:com.redhat.rhsa:tst:20182898009
        • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364018
      • AND
        • comment nss-sysinit is earlier than 0:3.36.0-9.el6_10
          oval oval:com.redhat.rhsa:tst:20182898013
        • comment nss-sysinit is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364014
      • AND
        • comment nss-tools is earlier than 0:3.36.0-9.el6_10
          oval oval:com.redhat.rhsa:tst:20182898007
        • comment nss-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364012
    rhsa
    id RHSA-2018:2898
    released 2018-10-09
    severity Moderate
    title RHSA-2018:2898: nss security update (Moderate)
rpms
  • nss-0:3.36.0-7.el7_5
  • nss-devel-0:3.36.0-7.el7_5
  • nss-pkcs11-devel-0:3.36.0-7.el7_5
  • nss-sysinit-0:3.36.0-7.el7_5
  • nss-tools-0:3.36.0-7.el7_5
  • nss-0:3.36.0-9.el6_10
  • nss-devel-0:3.36.0-9.el6_10
  • nss-pkcs11-devel-0:3.36.0-9.el6_10
  • nss-sysinit-0:3.36.0-9.el6_10
  • nss-tools-0:3.36.0-9.el6_10
refmap via4
confirm https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384
Last major update 16-10-2019 - 18:15
Published 29-04-2019 - 15:29
Back to Top