Lucene search

[email protected]CVE-2015-1789

HistoryJun 12, 2015 - 7:59 p.m.

CVE-2015-1789

2015-06-1219:59:00

CWE-119

[email protected]

web.nvd.nist.gov

119

openssl

cve-2015-1789

x509_cmp_time

denial of service

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.332 Low

EPSS

Percentile

97.0%

JSON

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

CPENameOperatorVersion
openssl:opensslopensslle0.9.8zf
openssl:opensslopenssleq1.0.1m
openssl:opensslopenssleq1.0.2a
openssl:opensslopenssleq1.0.1j
openssl:opensslopenssleq1.0.0n
openssl:opensslopenssleq1.0.1
openssl:opensslopenssleq1.0.0c
openssl:opensslopenssleq1.0.0i
openssl:opensslopenssleq1.0.0
openssl:opensslopenssleq1.0.1h

CPE	Name	Operator	Version
openssl:openssl	openssl	le	0.9.8zf
openssl:openssl	openssl	eq	1.0.1m
openssl:openssl	openssl	eq	1.0.2a
openssl:openssl	openssl	eq	1.0.1j
openssl:openssl	openssl	eq	1.0.0n
openssl:openssl	openssl	eq	1.0.1
openssl:openssl	openssl	eq	1.0.0c
openssl:openssl	openssl	eq	1.0.0i
openssl:openssl	openssl	eq	1.0.0
openssl:openssl	openssl	eq	1.0.1h

Rows per page:

1-10 of 371

References

fortiguard.com/advisory/openssl-vulnerabilities-june-2015

ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc

kb.juniper.net/InfoCenter/index?page=content&id=JSA10694

kb.juniper.net/InfoCenter/index?page=content&id=JSA10733

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html

lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

marc.info/?l=bugtraq&m=143654156615516&w=2

marc.info/?l=bugtraq&m=143880121627664&w=2

marc.info/?l=bugtraq&m=144050155601375&w=2

rhn.redhat.com/errata/RHSA-2015-1115.html

rhn.redhat.com/errata/RHSA-2015-1197.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

www.debian.org/security/2015/dsa-3287

www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015

www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015

www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

www.securityfocus.com/bid/75156

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1032564

www.ubuntu.com/usn/USN-2639-1

bto.bluecoat.com/security-advisory/sa98

cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965

kc.mcafee.com/corporate/index?page=content&id=SB10122

openssl.org/news/secadv/20150611.txt

security.gentoo.org/glsa/201506-02

support.apple.com/kb/HT205031

support.citrix.com/article/CTX216642

www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11

www.openssl.org/news/secadv_20150611.txt

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.332 Low

EPSS

Percentile

97.0%

JSON

CVE-2015-1789

References

Social References

Related