CVE-2015-2320Improper Certificate Validation in Mono

CWE-295Improper Certificate Validation7 documents6 sources
Severity
9.8CRITICALNVD
OSV5.8
EPSS
4.8%
top 10.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
MonoMono-project MonoDebian Mono+1 more
Timeline
PublishedJan 8
Latest updateMay 24

Description

The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

debiandebian/mono< mono 3.2.8+dfsg-10 (bookworm)
NVDmono-project/mono< 3.12.1
Debianmono/mono< 3.2.8+dfsg-10+3
Ubuntumono/mono< 3.2.8+dfsg-4ubuntu1.1

Also affects: Debian Linux 7.0

🔴Vulnerability Details

3
GHSA
GHSA-h9v3-p9f8-rw7g: The TLS stack in Mono before 32022-05-24
OSV
CVE-2015-2320: The TLS stack in Mono before 32018-01-08
OSV
mono vulnerabilities2015-03-24

📋Vendor Advisories

2
Ubuntu
Mono vulnerabilities2015-03-24
Debian
CVE-2015-2320: mono - The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified ...2015

💬Community

1
Bugzilla
CVE-2015-2318 CVE-2015-2319 CVE-2015-2320 mono: TLS implementation vulnerabilities2015-03-17