Lucene search

PRIOn knowledge basePRION:CVE-2015-0205

HistoryJan 09, 2015 - 2:59 a.m.

Authentication flaw

2015-01-0902:59:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.2%

JSON

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.

CPENameOperatorVersion
openssleq1.0.1106
openssleq1.0.110
openssleq1.0.99
openssleq1.0.105
openssleq1.0.1104
openssleq1.0.109
openssleq1.0.199
openssleq1.0.1103
openssleq1.0.104
openssleq1.0.101

Name	Operator	Version
openssl	eq	1.0.1106
openssl	eq	1.0.110
openssl	eq	1.0.99
openssl	eq	1.0.105
openssl	eq	1.0.1104
openssl	eq	1.0.109
openssl	eq	1.0.199
openssl	eq	1.0.1103
openssl	eq	1.0.104
openssl	eq	1.0.101

Rows per page:

1-10 of 251

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10679

lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html

rhn.redhat.com/errata/RHSA-2015-0066.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

www.debian.org/security/2015/dsa-3125

www.mandriva.com/security/advisories?name=MDVSA-2015:019

www.mandriva.com/security/advisories?name=MDVSA-2015:062

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

www.securityfocus.com/bid/71941

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1033378

bto.bluecoat.com/security-advisory/sa88

exchange.xforce.ibmcloud.com/vulnerabilities/99708

github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

kc.mcafee.com/corporate/index?page=content&id=SB10102

kc.mcafee.com/corporate/index?page=content&id=SB10108

lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html

lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html

marc.info/?l=bugtraq&m=142721102728110&w=2

marc.info/?l=bugtraq&m=143748090628601&w=2

marc.info/?l=bugtraq&m=144050155601375&w=2

marc.info/?l=bugtraq&m=144050205101530&w=2

marc.info/?l=bugtraq&m=144050254401665&w=2

marc.info/?l=bugtraq&m=144050297101809&w=2

support.citrix.com/article/CTX216642

www.openssl.org/news/secadv_20150108.txt

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.2%

JSON

Related for PRION:CVE-2015-0205