Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2235

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2015-2235
Last Modified 09 Mar 2015 01:53:29
Published 06 Mar 2015 09:59:10
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-2235

Summary

Secure Transport in Apple iOS through 8.1.3, Apple OS X through 10.10.2, and Apple TV through 7.0.3 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.

Vulnerable Systems

Operating System

  • Apple Iphone Os 8.1.3

  • Apple Mac Os X 10.10.2

Application

  • Apple Tv 7.0.3


References

MISC - https://freakattack.com/


Last Updated: 27 May 2016 11:08:00