5 - CVE-2015-0206

Executive Summary

Informations
Name	CVE-2015-0206	First vendor Publication	2015-01-08
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openssl cpe:2.3:a:openssl:openssl:1.0.1j:::::::* cpe:2.3:a:openssl:openssl:1.0.1i:::::::* cpe:2.3:a:openssl:openssl:1.0.1h:::::::* cpe:2.3:a:openssl:openssl:1.0.1g:::::::* cpe:2.3:a:openssl:openssl:1.0.1f:::::::* cpe:2.3:a:openssl:openssl:1.0.1e:::::::* cpe:2.3:a:openssl:openssl:1.0.1d:::::::* cpe:2.3:a:openssl:openssl:1.0.1c:::::::* cpe:2.3:a:openssl:openssl:1.0.1b:::::::* cpe:2.3:a:openssl:openssl:1.0.1a:::::::* cpe:2.3:a:openssl:openssl:1.0.0o:::::::* cpe:2.3:a:openssl:openssl:1.0.0n:::::::* cpe:2.3:a:openssl:openssl:1.0.0m:::::::* cpe:2.3:a:openssl:openssl:1.0.0l:::::::* cpe:2.3:a:openssl:openssl:1.0.0k:::::::* cpe:2.3:a:openssl:openssl:1.0.0j:::::::* cpe:2.3:a:openssl:openssl:1.0.0i:::::::* cpe:2.3:a:openssl:openssl:1.0.0h:::::::* cpe:2.3:a:openssl:openssl:1.0.0g:::::::* cpe:2.3:a:openssl:openssl:1.0.0f:::::::* cpe:2.3:a:openssl:openssl:1.0.0e:::::::* cpe:2.3:a:openssl:openssl:1.0.0d:::::::* cpe:2.3:a:openssl:openssl:1.0.0c:::::::* cpe:2.3:a:openssl:openssl:1.0.0b:::::::* cpe:2.3:a:openssl:openssl:1.0.0a:::::::*	25

Information Assurance Vulnerability Management (IAVM)

Date	Description
2015-09-03	IAVM : 2015-B-0106 - Multiple Vulnerabilities in HP Version Control Repository Manager Severity : Category I - VMSKEY : V0061359

Snort® IPS/IDS

Date	Description
2019-10-01	OpenSSL DTLS duplicate record denial of service attempt RuleID : 51359 - Revision : 1 - Type : SERVER-OTHER
2019-10-01	OpenSSL DTLS duplicate record denial of service attempt RuleID : 51358 - Revision : 1 - Type : SERVER-OTHER
2019-10-01	OpenSSL DTLS duplicate record denial of service attempt RuleID : 51357 - Revision : 1 - Type : SERVER-OTHER
2019-10-01	OpenSSL DTLS duplicate record denial of service attempt RuleID : 51356 - Revision : 1 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date	Description
2016-03-29	Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_2_6.nasl - Type : ACT_GATHER_INFO
2015-09-04	Name : The remote Linux host has an application installed that is affected by multip... File : hp_version_control_repo_manager_7_5_0_nix.nasl - Type : ACT_GATHER_INFO
2015-09-04	Name : The remote Windows host has an application installed that is affected by mult... File : hp_version_control_repo_manager_7_5_0_0.nasl - Type : ACT_GATHER_INFO
2015-07-27	Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-507.nasl - Type : ACT_GATHER_INFO
2015-07-22	Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_5.nasl - Type : ACT_GATHER_INFO
2015-05-27	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0946-1.nasl - Type : ACT_GATHER_INFO
2015-05-19	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_8_0_21.nasl - Type : ACT_GATHER_INFO
2015-05-19	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_7_0_60.nasl - Type : ACT_GATHER_INFO
2015-05-19	Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20150310-ssl-nxos.nasl - Type : ACT_GATHER_INFO
2015-05-15	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_44.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-062.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote host is affected by multiple vulnerabilities. File : macosx_cisco_anyconnect_3_1_7021.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote host is affected by multiple vulnerabilities. File : cisco_anyconnect_3_1_7021.nasl - Type : ACT_GATHER_INFO
2015-03-13	Name : The remote host is affected by multiple vulnerabilities. File : mcafee_firewall_enterprise_SB10102.nasl - Type : ACT_GATHER_INFO
2015-02-18	Name : The remote AIX host has a version of OpenSSL installed that is affected by mu... File : aix_openssl_advisory12.nasl - Type : ACT_GATHER_INFO
2015-01-26	Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-67.nasl - Type : ACT_GATHER_INFO
2015-01-23	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0005.nasl - Type : ACT_GATHER_INFO
2015-01-23	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_f9c388c5a25611e4992a7b2a515a1247.nasl - Type : ACT_GATHER_INFO
2015-01-22	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150121_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0066.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0066.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote Fedora host is missing a security update. File : fedora_2015-0601.nasl - Type : ACT_GATHER_INFO
2015-01-21	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0066.nasl - Type : ACT_GATHER_INFO
2015-01-16	Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_1k.nasl - Type : ACT_GATHER_INFO
2015-01-16	Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_0p.nasl - Type : ACT_GATHER_INFO
2015-01-13	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2459-1.nasl - Type : ACT_GATHER_INFO
2015-01-13	Name : The remote Fedora host is missing a security update. File : fedora_2015-0512.nasl - Type : ACT_GATHER_INFO
2015-01-13	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-469.nasl - Type : ACT_GATHER_INFO
2015-01-12	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-019.nasl - Type : ACT_GATHER_INFO
2015-01-12	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3125.nasl - Type : ACT_GATHER_INFO
2015-01-12	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2015-009-01.nasl - Type : ACT_GATHER_INFO
2015-01-09	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4e536c14979111e4977dd050992ecde8.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938...
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363...
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
http://marc.info/?l=bugtraq&m=142721102728110&w=2
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://marc.info/?l=bugtraq&m=144050205101530&w=2
http://marc.info/?l=bugtraq&m=144050254401665&w=2
http://marc.info/?l=bugtraq&m=144050297101809&w=2
http://rhn.redhat.com/errata/RHSA-2015-0066.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa...
http://www.debian.org/security/2015/dsa-3125
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/71940
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1033378
https://bto.bluecoat.com/security-advisory/sa88
https://exchange.xforce.ibmcloud.com/vulnerabilities/99704
https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e31...
https://kc.mcafee.com/corporate/index?page=content&id=SB10102
https://kc.mcafee.com/corporate/index?page=content&id=SB10108
https://www.openssl.org/news/secadv_20150108.txt

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 12:44:30	Multiple Updates
2021-05-04 12:36:03	Multiple Updates
2021-04-22 01:43:46	Multiple Updates
2020-05-23 00:43:21	Multiple Updates
2017-10-20 09:23:00	Multiple Updates
2017-09-08 09:23:16	Multiple Updates
2017-01-03 09:23:03	Multiple Updates
2016-12-24 09:24:04	Multiple Updates
2016-12-22 09:23:41	Multiple Updates
2016-12-03 09:24:00	Multiple Updates
2016-10-26 09:22:44	Multiple Updates
2016-08-23 09:24:53	Multiple Updates
2016-08-09 09:24:04	Multiple Updates
2016-07-22 12:03:12	Multiple Updates
2016-04-27 01:39:34	Multiple Updates
2016-03-30 13:26:11	Multiple Updates
2015-10-23 09:23:18	Multiple Updates
2015-10-18 17:23:11	Multiple Updates
2015-09-05 13:31:54	Multiple Updates
2015-07-28 13:32:13	Multiple Updates
2015-07-24 13:29:18	Multiple Updates
2015-07-17 09:19:39	Multiple Updates
2015-06-04 09:27:15	Multiple Updates
2015-05-28 13:27:51	Multiple Updates
2015-05-20 13:29:05	Multiple Updates
2015-05-16 13:27:39	Multiple Updates
2015-04-17 09:27:56	Multiple Updates
2015-04-01 09:27:07	Multiple Updates
2015-03-31 13:29:13	Multiple Updates
2015-03-27 13:28:57	Multiple Updates
2015-03-27 09:27:25	Multiple Updates
2015-03-17 09:27:09	Multiple Updates
2015-03-14 13:25:41	Multiple Updates
2015-03-13 09:23:37	Multiple Updates
2015-03-12 09:24:35	Multiple Updates
2015-02-21 09:24:48	Multiple Updates
2015-02-19 13:24:56	Multiple Updates
2015-01-27 13:23:37	Multiple Updates
2015-01-24 13:23:52	Multiple Updates
2015-01-23 13:24:56	Multiple Updates
2015-01-22 13:25:02	Multiple Updates
2015-01-18 13:25:07	Multiple Updates
2015-01-17 05:28:29	Multiple Updates
2015-01-14 13:23:33	Multiple Updates
2015-01-13 13:23:44	Multiple Updates
2015-01-10 13:23:25	Multiple Updates
2015-01-09 21:23:29	Multiple Updates
2015-01-09 09:25:04	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	25
Sources(s)	31
IAVM(s)	1
Snort® Rule(s)	4
Nessus® Exploit(s)	32

	Related
7.1	MDVSA-2015:062
5	USN-2459-1
5	RHSA-2015:0066
5	MDVSA-2015:019
5	DSA-3125
5	cisco-sa-201503...
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)

5 - CVE-2015-0206

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Information Assurance Vulnerability Management (IAVM)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU