A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2.

f5 2

hackerone 1

nessus 47

ibm 34

openvas 43

prion 2

veracode 2

slackware 1

freebsd_advisory 1

debiancve 1

osv 1

debian 1

ubuntucve 1

cve 2

openwrt 3

freebsd 1

fedora 3

thn 1

altlinux 4

aix 1

cert 1

nodejsblog 2

redhat 11

cisco 1

mageia 1

symantec 1

seebug 1

openssl 1

archlinux 2

kaspersky 1

centos 3

oraclelinux 4

amazon 2

nmap 1

gentoo 1

suse 13

arista 1

SOL33209124 - OpenSSL vulnerability CVE-2015-3197

2016-01-28 00:00:00

K33209124 : OpenSSL vulnerability CVE-2015-3197

2016-01-29 00:00:00

hackerone

Internet Bug Bounty: SSLv2 doesn't block disabled ciphers (CVE-2015-3197)

2016-09-07 17:41:26

nessus

Debian DLA-421-1 : openssl security update

2016-02-22 00:00:00

openSUSE Security Update : openssl (openSUSE-2016-154)

2016-02-08 00:00:00

openSUSE Security Update : openssl (openSUSE-2016-203)

2016-02-15 00:00:00

ibm

Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways (CVE-2015-3197 )

2021-06-08 22:18:27

Security Bulletin: Vulnerabilities in OpenSSL affect WebSphere Cast Iron Cloud Integration (CVE-2015-3197)

2019-11-18 13:57:34

Security Bulletin: : Vulnerabilities in OpenSSL affect IBM Security Guardium (CVE-2015-3197)

2018-06-16 21:42:56

openvas

Oracle Virtualbox Unspecified Vulnerability-02 (Apr 2016) - Linux

2016-04-25 00:00:00

Debian: Security Advisory (DLA-421-1)

2023-03-08 00:00:00

Extreme ExtremeXOS OpenSSL Vulnerability (VN-2016-002)

2016-11-29 00:00:00

prion

Design/Logic Flaw

2016-02-15 02:59:00

Design/Logic Flaw

2016-01-29 11:59:00

veracode

Cipher Bypass

2017-02-10 00:52:27

Cipher Bypass

2019-01-15 09:10:14

slackware

[slackware-security] openssl

2016-02-04 00:06:23

freebsd_advisory

FreeBSD-SA-16:11.openssl

2016-01-30 00:00:00

debiancve

CVE-2015-3197

2016-02-15 02:59:00

osv

openssl - security update

2016-02-20 00:00:00

debian

[SECURITY] [DLA 421-1] openssl security update

2016-02-20 12:34:52

ubuntucve

CVE-2015-3197

2016-01-28 00:00:00

cve

CVE-2015-3197

2016-02-15 02:59:00

CVE-2016-3197

2016-01-29 11:59:00

openwrt

openssl: Security update (2 CVEs)

2016-01-29 15:48:20

openssl: Security update (2 CVEs)

2016-01-28 20:32:02

openssl: Security update (9 CVEs)

2016-03-01 16:52:09

freebsd

openssl -- multiple vulnerabilities

2016-01-22 00:00:00

fedora

[SECURITY] Fedora 23 Update: openssl-1.0.2f-1.fc23

2016-01-30 18:23:36

[SECURITY] Fedora 23 Update: mingw-openssl-1.0.2h-1.fc23

2016-05-21 00:02:56

[SECURITY] Fedora 24 Update: mingw-openssl-1.0.2h-1.fc24

2016-05-16 17:21:44

thn

Critical OpenSSL Flaw Allows Hackers to Decrypt HTTPS Traffic

2016-01-28 22:01:00

altlinux

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2f-alt1

2016-01-28 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 1.0.2f-alt1

2016-01-28 00:00:00

Security fix for the ALT Linux 7 package openssl10 version 1.0.1r-alt0.M70P.1

2016-01-28 00:00:00

aix

Vulnerabilities in OpenSSL affect AIX

2016-03-02 08:43:07

cert

OpenSSL re-uses unsafe prime numbers in Diffie-Hellman protocol

2016-01-28 00:00:00

nodejsblog

OpenSSL upgrade low-severity Node.js security fixes

2016-01-27 00:00:00

February 2016 Security Release Summary

2016-02-09 00:00:00

redhat

(RHSA-2016:0305) Important: openssl security update

2016-03-01 00:00:00

(RHSA-2016:0302) Important: openssl security update

2016-03-01 00:00:00

(RHSA-2016:0445) Important: Red Hat JBoss Web Server 2.1.0 OpenSSL security update

2016-03-14 16:34:51

cisco

Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products

2016-01-29 16:00:00

mageia

Updated openssl packages fix security vulnerabilities

2016-02-09 16:05:25

symantec

SA111 : OpenSSL Vulnerabilities 28-Jan-2016

2016-02-18 08:00:00

seebug

Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)

2016-03-02 00:00:00

openssl

Vulnerability in OpenSSL CVE-2016-0800

2016-03-01 00:00:00

archlinux

openssl: man-in-the-middle

2016-01-29 00:00:00

lib32-openssl: man-in-the-middle

2016-01-29 00:00:00

kaspersky

KLA10798 Multiple vulnerabilities at Oracle VM VirtualBox

2016-04-19 00:00:00

centos

openssl security update

2016-03-01 16:57:33

openssl security update

2016-03-01 16:09:29

openssl098e security update

2016-03-09 05:32:33

oraclelinux

openssl security update

2016-03-01 00:00:00

openssl security update

2016-03-01 00:00:00

openssl098e security update

2016-03-09 00:00:00

amazon

Important: openssl098e

2016-04-06 14:40:00

Important: openssl

2016-03-10 16:30:00

nmap

sslv2-drown NSE Script

2016-07-07 16:35:39

gentoo

OpenSSL: Multiple vulnerabilities

2016-01-29 00:00:00

suse

Security update for openssl (important)

2016-03-11 14:14:22

Security update for openssl (important)

2016-03-03 15:11:31

Security update for compat-openssl097g (important)

2016-03-02 18:12:06

arista

Security Advisory 0018

2016-03-01 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.024 Low

EPSS

Percentile

89.8%

JSON

Related for OPENSSL:CVE-2015-3197