Lucene search

K
opensslOpenSSLOPENSSL:CVE-2015-1787
HistoryMar 19, 2015 - 12:00 a.m.

Vulnerability in OpenSSL CVE-2015-1787

2015-03-1900:00:00
www.openssl.org
18

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

AI Score

7.7

Confidence

High

EPSS

0.2

Percentile

96.4%

Empty CKE with client auth and DHE. If client auth is used then a server can seg fault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack.

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

AI Score

7.7

Confidence

High

EPSS

0.2

Percentile

96.4%