Vulnerability Change Records for CVE-2015-1637

Change History

Modified Analysis 3/27/2015 3:39:00 AM

Action Type Old Value New Value
Changed CVSS V2
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CPE Deprecation Remap 5/08/2019 6:3:15 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:*:datacenter:*:*:*
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*

CVE Modified by Microsoft Corporation 4/07/2021 1:15:12 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://web.archive.org/web/20150321220028/https://freakattack.com/ [No Types Assigned]

CPE Deprecation Remap 5/08/2019 6:3:15 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:*:essentials:*:*:*
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*

Initial CVE Analysis 3/06/2015 1:42:34 PM

Action Type Old Value New Value

CVE Modified by Source 3/25/2015 10:1:02 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securitytracker.com/id/1031833

Modified Analysis 3/12/2015 10:25:17 AM

Action Type Old Value New Value
Changed Reference Type
http://technet.microsoft.com/security/bulletin/MS15-031 No Types Assigned
http://technet.microsoft.com/security/bulletin/MS15-031 Advisory
Changed Reference Type
https://freakattack.com/ No Types Assigned
https://freakattack.com/ Advisory

Modified Analysis 5/14/2019 9:22:57 AM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
     *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
     *cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
Removed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:x64:*
     *cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:x86:*
     *cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*
     *cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*

								
						
Changed Reference Type
http://www.securityfocus.com/bid/72965 No Types Assigned
http://www.securityfocus.com/bid/72965 Third Party Advisory, VDB Entry
Changed Reference Type
http://www.securitytracker.com/id/1031833 No Types Assigned
http://www.securitytracker.com/id/1031833 Third Party Advisory, VDB Entry
Changed Reference Type
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-031 No Types Assigned
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-031 Patch, Vendor Advisory
Changed Reference Type
https://technet.microsoft.com/library/security/3046015 Vendor Advisory
https://technet.microsoft.com/library/security/3046015 Patch, Vendor Advisory

CVE Modified by Microsoft Corporation 1/02/2017 9:59:48 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securityfocus.com/bid/72965 [No Types Assigned]

CPE Deprecation Remap 5/08/2019 6:11:29 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_8.1:-:-:-:*:-:-:x64:*
OR
     *cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:x64:*

CVE Modified by Source 3/09/2015 10:0:22 PM

Action Type Old Value New Value
Changed Description
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue.
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-2235.
Added Reference

								
							
							
						
https://freakattack.com/

CVE Modified by Microsoft Corporation 10/12/2018 6:8:32 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-031 [No Types Assigned]
Removed Reference
http://technet.microsoft.com/security/bulletin/MS15-031 [Vendor Advisory]

								
						

CVE Modified by Source 3/11/2015 10:2:45 PM

Action Type Old Value New Value
Changed Description
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-2235.
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067.
Added Reference

								
							
							
						
http://technet.microsoft.com/security/bulletin/MS15-031

CPE Deprecation Remap 5/08/2019 6:11:29 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_8.1:-:-:-:*:-:-:x86:*
OR
     *cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:x86:*

CPE Deprecation Remap 5/08/2019 6:3:15 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:*:standard:*:*:*
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*