Lucene search

PRIOn knowledge basePRION:CVE-2014-8275

HistoryJan 09, 2015 - 2:59 a.m.

Code injection

2015-01-0902:59:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.12 Low

EPSS

Percentile

95.2%

JSON

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate’s unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.

CPENameOperatorVersion
openssleq1.0.1106
openssleq1.0.110
openssleq1.0.99
openssleq1.0.105
openssleq1.0.1104
openssleq1.0.109
openssleq1.0.199
openssleq1.0.1103
openssleq1.0.104
openssleq1.0.101

Name	Operator	Version
openssl	eq	1.0.1106
openssl	eq	1.0.110
openssl	eq	1.0.99
openssl	eq	1.0.105
openssl	eq	1.0.1104
openssl	eq	1.0.109
openssl	eq	1.0.199
openssl	eq	1.0.1103
openssl	eq	1.0.104
openssl	eq	1.0.101

Rows per page:

1-10 of 261

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10679

lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

rhn.redhat.com/errata/RHSA-2015-0066.html

rhn.redhat.com/errata/RHSA-2015-0800.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

www.debian.org/security/2015/dsa-3125

www.mandriva.com/security/advisories?name=MDVSA-2015:019

www.mandriva.com/security/advisories?name=MDVSA-2015:062

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

www.securityfocus.com/bid/71935

www.securitytracker.com/id/1033378

bto.bluecoat.com/security-advisory/sa88

github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3e

github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811b

kc.mcafee.com/corporate/index?page=content&id=SB10102

kc.mcafee.com/corporate/index?page=content&id=SB10108

lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html

marc.info/?l=bugtraq&m=142496179803395&w=2

marc.info/?l=bugtraq&m=142496289803847&w=2

marc.info/?l=bugtraq&m=142720981827617&w=2

marc.info/?l=bugtraq&m=142721102728110&w=2

marc.info/?l=bugtraq&m=142895206924048&w=2

marc.info/?l=bugtraq&m=143748090628601&w=2

marc.info/?l=bugtraq&m=144050155601375&w=2

marc.info/?l=bugtraq&m=144050205101530&w=2

marc.info/?l=bugtraq&m=144050254401665&w=2

marc.info/?l=bugtraq&m=144050297101809&w=2

support.apple.com/HT204659

support.citrix.com/article/CTX216642

www.openssl.org/news/secadv_20150108.txt

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.12 Low

EPSS

Percentile

95.2%

JSON

Related for PRION:CVE-2014-8275