CVE

CVE-2015-1794

Date: (C)2015-12-15   (M)2017-10-12
 
CVSS Score: 5.0
Exploitability Subscore: 10.0
Impact Subscore: 2.9
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.

Reference:
SECTRACK-1034294
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
SSA:2015-349-04
USN-2830-1
http://fortiguard.com/advisory/openssl-advisory-december-2015
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://openssl.org/news/secadv/20151203.txt
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
https://git.openssl.org/?p=openssl.git;a=commit;h=ada57746b6b80beae73111fe1291bf8dd89af91c
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
openSUSE-SU-2016:0637

CPE    5
cpe:/a:openssl:openssl:1.0.2
cpe:/a:openssl:openssl:1.0.2b
cpe:/a:openssl:openssl:1.0.2a
cpe:/a:openssl:openssl:1.0.2d
...
CWE    1
CWE-189
OVAL    2
oval:org.secpod.oval:def:31681
oval:org.secpod.oval:def:702871

© 2013 SecPod Technologies