CVE-2015-1791
8.2 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.471 Medium
EPSS
Percentile
97.4%
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
References
fortiguard.com/advisory/openssl-vulnerabilities-june-2015
ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html
lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html
lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
marc.info/?l=bugtraq&m=143880121627664&w=2
marc.info/?l=bugtraq&m=144050155601375&w=2
rhn.redhat.com/errata/RHSA-2015-1115.html
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
www-304.ibm.com/support/docview.wss?uid=swg21960041
www.debian.org/security/2015/dsa-3287
www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
www.securityfocus.com/bid/75161
www.securityfocus.com/bid/91787
www.securitytracker.com/id/1032479
www.ubuntu.com/usn/USN-2639-1
bto.bluecoat.com/security-advisory/sa98
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965
kc.mcafee.com/corporate/index?page=content&id=SB10122
openssl.org/news/secadv/20150611.txt
security.gentoo.org/glsa/201506-02
support.apple.com/kb/HT205031
support.citrix.com/article/CTX216642
www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11
www.openssl.org/news/secadv_20150611.txt
Social References
More
Related
8.2 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.471 Medium
EPSS
Percentile
97.4%