CVE-2015-7575

Impact:
Moderate
Public Date:
2016-01-06
Bugzilla:
1289841: CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client.

Find out more about CVE-2015-7575 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 5.8
Base Metrics AV:N/AC:M/Au:N/C:P/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (nss) RHSA-2016:0007 2016-01-07
Red Hat Enterprise Linux 7 (java-1.8.0-openjdk) RHSA-2016:0049 2016-01-20
Red Hat Enterprise Linux 7 (nss) RHSA-2016:0007 2016-01-07
Red Hat Enterprise Linux 7 (openssl) RHSA-2016:0008 2016-01-08
Red Hat Enterprise Linux 6 (openssl) RHSA-2016:0008 2016-01-08
Red Hat Enterprise Linux 5 (java-1.7.0-openjdk) RHSA-2016:0054 2016-01-21
Red Hat Satellite 5.7 (RHEL v.6) (java-1.7.1-ibm) RHSA-2016:1430 2016-07-18
Oracle Java for Red Hat Enterprise Linux 7 (java-1.8.0-oracle) RHSA-2016:0055 2016-01-21
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.1-ibm) RHSA-2016:0099 2016-02-02
Oracle Java for Red Hat Enterprise Linux 5 (java-1.7.0-oracle) RHSA-2016:0056 2016-01-21
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm) RHSA-2016:0100 2016-02-02
Oracle Java for Red Hat Enterprise Linux 7 (java-1.7.0-oracle) RHSA-2016:0056 2016-01-21
Red Hat Satellite 5.6 (RHEL v.5) (java-1.7.0-ibm) RHSA-2016:1430 2016-07-18
Red Hat Enterprise Linux 7 (gnutls) RHSA-2016:0012 2016-01-08
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) RHSA-2016:0101 2016-02-02
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) RHSA-2016:0101 2016-02-02
Red Hat Enterprise Linux 6 (gnutls) RHSA-2016:0012 2016-01-08
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) RHSA-2016:0099 2016-02-02
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.8.0-ibm) RHSA-2016:0098 2016-02-02
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk) RHSA-2016:0054 2016-01-21
Oracle Java for Red Hat Enterprise Linux 6 (java-1.7.0-oracle) RHSA-2016:0056 2016-01-21
Oracle Java for Red Hat Enterprise Linux 6 (java-1.8.0-oracle) RHSA-2016:0055 2016-01-21
Red Hat Satellite 5.6 (RHEL v.6) (java-1.7.1-ibm) RHSA-2016:1430 2016-07-18
Red Hat Enterprise Linux 6 (java-1.8.0-openjdk) RHSA-2016:0050 2016-01-20
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) RHSA-2016:0053 2016-01-21

Affected Packages State

Platform Package State
Red Hat JBoss Web Server 3.0 openssl Will not fix
Red Hat JBoss EWS 2 openssl Not affected
Red Hat JBoss EWS 1 openssl Will not fix
Red Hat JBoss EAP 6 openssl Not affected
Red Hat Enterprise Linux 7 openssl098e Not affected
Red Hat Enterprise Linux 7 java-1.6.0-sun Not affected
Red Hat Enterprise Linux 6 java-1.6.0-sun Not affected
Red Hat Enterprise Linux 6 openssl098e Not affected
Red Hat Enterprise Linux 5 openssl Not affected
Red Hat Enterprise Linux 5 java-1.6.0-sun Not affected
Red Hat Enterprise Linux 5 openssl097a Not affected
Red Hat Enterprise Linux 5 nss Will not fix
Red Hat Enterprise Linux 5 gnutls Not affected

External References

Last Modified