High severity8.1NVD Advisory· Published Sep 21, 2016· Updated May 6, 2026

CVE-2015-8960

Description

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.

Affected products

Ietf/Transport Layer Security
cpe:2.3:a:ietf:transport_layer_security:*:*:*:*:*:*:*:*
Range: <=1.2
NetApp/Clustered Data Ontap Antivirus Connector
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
NetApp/Data Ontap Edge
cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
NetApp/Host Agent
cpe:2.3:a:netapp:host_agent:-:*:*:*:*:*:*:*
NetApp/Oncommand Shift
cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
NetApp/Plug In For Symantec Netbackup
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
NetApp/Smi S Provider
cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*
NetApp/Snap Creator Framework
cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
NetApp/Snapdrive2 versions
cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*+ 1 more
- cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*
- cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*
NetApp/Snapmanager2 versions
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*+ 1 more
- cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
- cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
NetApp/Snapprotect
cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*
NetApp/Solidfire \& Hci Management Node
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
NetApp/System Setup
cpe:2.3:a:netapp:system_setup:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kcitls.orgnvdExploitTechnical Description
www.usenix.org/system/files/conference/woot15/woot15-paper-hlauschek.pdfnvdExploitMitigationTechnical Description
twitter.com/matthew_d_green/statuses/630908726950674433nvdPress/Media CoverageTechnical DescriptionThird Party Advisory
www.openwall.com/lists/oss-security/2016/09/20/4nvdMailing ListTechnical DescriptionThird Party Advisory
www.securityfocus.com/bid/93071nvdBroken LinkThird Party AdvisoryVDB Entry
security.netapp.com/advisory/ntap-20180626-0002/nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000