Vulnerability Change Records for CVE-2015-1637

Change History

CPE Deprecation Remap 5/08/2019 6:11:29 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_8.1:-:-:-:*:-:-:x64:*
OR
     *cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:x64:*

CVE Modified by Source 3/25/2015 10:1:02 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securitytracker.com/id/1031833

Modified Analysis 3/12/2015 10:25:17 AM

Action Type Old Value New Value
Changed Reference Type
http://technet.microsoft.com/security/bulletin/MS15-031 No Types Assigned
http://technet.microsoft.com/security/bulletin/MS15-031 Advisory
Changed Reference Type
https://freakattack.com/ No Types Assigned
https://freakattack.com/ Advisory

CPE Deprecation Remap 5/08/2019 6:11:29 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_8.1:-:-:-:*:-:-:x86:*
OR
     *cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:x86:*

CPE Deprecation Remap 5/08/2019 6:3:15 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:*:standard:*:*:*
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*

CPE Deprecation Remap 5/08/2019 6:3:15 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:*:essentials:*:*:*
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*

CVE Modified by Microsoft Corporation 4/07/2021 1:15:12 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://web.archive.org/web/20150321220028/https://freakattack.com/ [No Types Assigned]

CVE Modified by Microsoft Corporation 1/02/2017 9:59:48 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securityfocus.com/bid/72965 [No Types Assigned]

CPE Deprecation Remap 5/08/2019 6:3:15 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:*:datacenter:*:*:*
OR
     *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*

CVE Modified by Microsoft Corporation 10/12/2018 6:8:32 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-031 [No Types Assigned]
Removed Reference
http://technet.microsoft.com/security/bulletin/MS15-031 [Vendor Advisory]

								
						

Modified Analysis 3/27/2015 3:39:00 AM

Action Type Old Value New Value
Changed CVSS V2
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
(AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE Modified by Source 3/09/2015 10:0:22 PM

Action Type Old Value New Value
Changed Description
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue.
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-2235.
Added Reference

								
							
							
						
https://freakattack.com/

CVE Modified by Source 3/11/2015 10:2:45 PM

Action Type Old Value New Value
Changed Description
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-2235.
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067.
Added Reference

								
							
							
						
http://technet.microsoft.com/security/bulletin/MS15-031

Modified Analysis 3/06/2015 10:37:34 PM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
Configuration 1
     OR
          *cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:*:datacenter:*:*:*
          *cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:*:essentials:*:*:*
          *cpe:2.3:o:microsoft:windows_server_2012:r2:-:-:*:standard:*:*:*
          *cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*
          *cpe:2.3:o:microsoft:windows_8.1:-:-:-:*:-:-:x64:*
          *cpe:2.3:o:microsoft:windows_8.1:-:-:-:*:-:-:x86:*
          *cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Added CWE

								
							
							
						
CWE-310
Changed Reference Type
https://technet.microsoft.com/library/security/3046015 No Types Assigned
https://technet.microsoft.com/library/security/3046015 Advisory

Initial CVE Analysis 3/06/2015 1:42:34 PM

Action Type Old Value New Value