CVE-2016-9574 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
redhat	CNA	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 40%

Vendor	Product	Version
mozilla	network_security_services	𝑥 < 3.30

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

nss

bullseye	2:3.61-1+deb11u3 fixed
bullseye (security)	2:3.61-1+deb11u4 fixed
bookworm	2:3.87.1-1 fixed
sid	2:3.105-2 fixed
trixie	2:3.105-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

nss

zesty	not-affected
yakkety	not-affected
xenial	not-affected
trusty	not-affected
precise	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-325 - Missing Cryptographic Step
The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
CWE-384 - Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1320695

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574

https://bugzilla.mozilla.org/show_bug.cgi?id=1320695

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574