Not Failing Securely ('Failing Open') Affecting nss package, versions *
Snyk CVSS
Attack Complexity
Low
Threat Intelligence
EPSS
97.49% (100th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS7-NSS-5879043
- published 26 Jul 2021
- disclosed 14 Oct 2014
How to fix?
There is no fixed version for Centos:7
nss
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream nss
package and not the nss
package as distributed by Centos
.
See How to fix?
for Centos:7
relevant fixed versions and status.
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
References
- APPLE
- APPLE
- APPLE
- APPLE
- APPLE
- APPLE
- APPLE
- BID
- CERT
- CERT-VN
- CISCO
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CVE-2014-3566
- DEBIAN
- DEBIAN
- DEBIAN
- DEBIAN
- DEBIAN
- FEDORA
- FEDORA
- FEDORA
- FEDORA
- FEDORA
- GENTOO
- GENTOO
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- HP
- MANDRIVA
- MANDRIVA
- MISC
- MISC
- MISC
- MISC
- MISC
- MISC
- MISC
- MISC
- MLIST
- MLIST
- MLIST
- MLIST
- MLIST
- MLIST
- MLIST
- NETBSD
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- RHSA-2014:1877
- RHSA-2014:1880
- RHSA-2014:1881
- RHSA-2014:1882
- RHSA-2015:0067
- RHSA-2015:0069
- RHSA-2015:0085
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECTRACK
- SECUNIA
- SECUNIA
- SECUNIA
- SECUNIA
- SECUNIA
- SECUNIA
- SECUNIA
- SECUNIA
- SECUNIA
- SECUNIA
- SECUNIA
- SECUNIA
- SECUNIA
- SECUNIA
- SECUNIA
- SECUNIA
- SECUNIA
- SECUNIA
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- UBUNTU
- UBUNTU
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com
- secalert@redhat.com