vulnerability
FreeBSD: VID-4084168e-b531-11e5-a98c-0011d823eebd: mbedTLS/PolarSSL -- SLOTH attack on TLS 1.2 server authentication
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Jan 7, 2016 | Jan 8, 2016 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Jan 7, 2016
Added
Jan 8, 2016
Modified
Dec 10, 2025
Description
ARM Limited reports: MD5 handshake signatures in TLS 1.2 are vulnerable to the SLOTH attack on TLS 1.2 server authentication. They have been disabled by default. Other attacks from the SLOTH paper do not apply to any version of mbed TLS or PolarSSL.
Solutions
freebsd-upgrade-package-polarssl13freebsd-upgrade-package-mbedtls
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.