6 matches found
Siemens SCALANCE X-200RNA Switch Devices NULL Pointer Dereference (CVE-2015-0291)
The sigalgs implementation in t1lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash by using an invalid signaturealgorithms extension in the ClientHello message during a renegotiation. This plugin only works with...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM SAN b-type Switches
Summary OpenSSL issues from March 2015 containing 12 CVE were disclosed. This bulletin addresses the vulnerabilities that have been referred to as Open SSL used by IBM SAN b-type Switches. Vulnerability Details CVEID: CVE-2015-0291 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco MDS Switches and Directors.
Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM Cisco Switches and Directors has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-0291 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By connecting to a...
Security Bulletin: Vulnerabilities in OpenSSL including ClientHello DoS affect Multiple N series Products
Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. This includes OpenSSL ClientHello sigalgs DoS CVE-2015-0291. OpenSSL is used by Multiple N series Products. Multiple N series Products have addressed the applicable CVEs. Vulnerability Details CVEID:...
Splunk Enterprise 5.0.x < 5.0.13 / 6.0.x < 6.0.9 / 6.1.x < 6.1.8 OpenSSL Vulnerabilities (FREAK)
According to its version number, the Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.13, 6.0.x prior to 6.0.9, or 6.1.x prior to 6.1.4. It is, therefore, affected by the following vulnerabilities related to the included OpenSSL library : - A security feature bypass...
CVE-2015-0291
OpenSSL 1.0.2 is affected by CVE-2015-0291 through the sigalgs implementation (t1_lib.c). A crafted invalid signature_algorithms extension in a ClientHello during renegotiation can cause a NULL pointer dereference, leading to a denial of service (daemon crash). The concrete vulnerable condition i...