[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2015-3197

Date: (C)2016-02-29   (M)2017-10-26 


ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.

CVSS Score: 4.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE





Reference:
SECTRACK-1034849
BID-82237
BID-91787
FEDORA-2016-527018d2ff
GLSA-201601-05
SUSE-SU-2016:0617
SUSE-SU-2016:0620
SUSE-SU-2016:0621
SUSE-SU-2016:0624
SUSE-SU-2016:0631
SUSE-SU-2016:0641
SUSE-SU-2016:0678
SUSE-SU-2016:1057
VU#257823
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://www.openssl.org/news/secadv/20160128.txt
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://git.openssl.org/?p=openssl.git;a=commit;h=d81a1600588b726c2bdccda7efad3cc7a87d6245
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893
openSUSE-SU-2016:0628
openSUSE-SU-2016:0637
openSUSE-SU-2016:0638
openSUSE-SU-2016:0640
openSUSE-SU-2016:0720
openSUSE-SU-2016:1239
openSUSE-SU-2016:1241

CPE    34
cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.53
cpe:/a:oracle:tuxedo:12.1.1.0
cpe:/a:openssl:openssl:1.0.1m
cpe:/a:openssl:openssl:1.0.2a
...
CWE    1
CWE-310
OVAL    24
oval:org.secpod.oval:def:32715
oval:org.secpod.oval:def:110097
oval:org.secpod.oval:def:33775
oval:org.secpod.oval:def:1600367
...

© 2013 SecPod Technologies