CVE-2015-6112 — Improper Input Validation in Microsoft Windows Server 2008
Severity
5.8 MEDIUM (NVD)
EPSS
6.7%
top 8.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 11
Latest update: May 14
Description
SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 lacks the required extended master-secret binding support to ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "Schannel TLS Tripl…
CVSS vector
AV:N/AC:M/C:P/I:P/A:N
Exploitability: 8.6 | Impact: 4.9
Affected Packages: 1 package
Patches
Vulnerability Details
GHSA-3x7v-wjr7-jrcm: SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8 (2022-05-14)