8 matches found
Siemens SCALANCE X-200RNA Switch Devices Improper Input Validation (CVE-2015-1787)
The ssl3getclientkeyexchange function in s3srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service daemon crash via a ClientKeyExchange message with a length of zero. This plugi...
Security Bulletin: Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for BladeCenter
Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for BladeCenter. QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for BladeCenter have addressed the applicable...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC5022 16Gb SAN and EN4023 10Gb Scalable Switches
Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. IBM Flex System FC5022 16Gb SAN and EN4023 10Gb Scalable Switches use OpenSSL and have addressed the applicable CVEs. Vulnerability Details Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by...
Authentication flaw
EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allow remote attackers to cause a denial of service daemon crash via a ClientKeyExchange messa...
OpenSSL DHE Client Key Exchange Denial of Service (CVE-2015-1787)
A denial of service vulnerability exists in OpenSSL. The vulnerability is due to a null pointer dereference that occurs when an OpenSSL application receives and processes a Client Certificate and a crafted Client Key Exchange handshake message.A remote, unauthenticated attacker can exploit this...
CVE-2015-1787
CVE-2015-1787 affects OpenSSL 1.0.2 before 1.0.2a, where the ssl3_get_client_key_exchange path (s3_srvr.c) can be triggered by a ClientKeyExchange message with zero length when client authentication and an ephemeral DH ciphersuite are enabled, causing a denial of service (daemon crash). Public ad...
lib32-openssl: multiple issues
CVE-2015-1787 denial of service If client auth is used then a server can segfault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. - CVE-2015-0207 denial of service The DTLSv1listen...
openssl: multiple issues
CVE-2015-1787 denial of service If client auth is used then a server can segfault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. - CVE-2015-0207 denial of service The DTLSv1listen...