CVE-2015-1637Microsoft Windows Server 2008 vulnerability

12 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
43.7%
top 2.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple Iphone OSApple MAC OS XApple Tvos+2 more
Timeline
PublishedMar 6
Latest updateMay 14

Description

Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

NVDapple/tvos7.0.3
NVDapple/mac_os_x10.10.2
NVDapple/iphone_os8.1.3

Patches

Patch: docs.microsoft.comPatch: technet.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-2cqr-v8j2-59fq: Secure Transport in Apple iOS before 82022-05-14
GHSA
GHSA-h5m2-xvgx-vpw7: Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, W2022-05-13

🔍Detection Rules

1
Suricata
ET EXPLOIT FREAK Weak Export Suite From Server (CVE-2015-0204)2015-03-11

🕵️Threat Intelligence

6
Tenable
Verizon 2016 DBIR – Most Interesting Things2016-05-18
Tenable
Verizon 2016 DBIR – Most Common Vulnerabilities2016-05-18
Talos
Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched2015-03-10
Talos
Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched2015-03-10
Qualys
Patch Tuesday March 2015 | Qualys2015-03-10

💬Community

1
Bugzilla
CVE-2015-8380 pcre: OOB write when pcre_exec() is called with ovecsize of 1 (8.38/10)2015-11-25