CVE-2015-3276

high-risk

Published 2015-12-07

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.

Do I need to act?

1.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (18)

Openldap

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Linux

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Hpc Node

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Affected Vendors

Oracle Openldap Redhat

References (8)

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-2131.html

Third Party Advisory http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.h...

Broken Link http://www.securitytracker.com/id/1034221

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1238322

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-2131.html

Third Party Advisory http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.h...

Broken Link http://www.securitytracker.com/id/1034221

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1238322

/ 100

high-risk

Severity 26/34 · High

Exploitability 5/34 · Minimal

Exposure 19/34 · Moderate