[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-0205Date: (C)2015-01-13   (M)2024-02-22


The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1033378
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl
BID-71941
BID-91787
DSA-3125
FEDORA-2015-0512
FEDORA-2015-0601
HPSBHF03289
HPSBMU03380
HPSBMU03396
HPSBMU03397
HPSBMU03409
HPSBMU03413
MDVSA-2015:019
MDVSA-2015:062
RHSA-2015:0066
SUSE-SU-2015:0578
SUSE-SU-2015:0946
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
https://bto.bluecoat.com/security-advisory/sa88
https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://kc.mcafee.com/corporate/index?page=content&id=SB10102
https://kc.mcafee.com/corporate/index?page=content&id=SB10108
https://support.citrix.com/article/CTX216642
https://www.openssl.org/news/secadv_20150108.txt
openSUSE-SU-2015:0130
openSUSE-SU-2015:1277
openssl-cve20150205-sec-bypass(99708)

CPE    25
cpe:/a:openssl:openssl:1.0.0h
cpe:/a:openssl:openssl:1.0.0g
cpe:/a:openssl:openssl:1.0.0j
cpe:/a:openssl:openssl:1.0.0i
...
CWE    1
CWE-310
OVAL    14
oval:org.secpod.oval:def:1200139
oval:org.secpod.oval:def:23127
oval:org.secpod.oval:def:601907
oval:org.secpod.oval:def:203542
...

© SecPod Technologies