Executive Summary
Summary | |
---|---|
Title | OpenSSL: Alternate chains certificate forgery |
Informations | |||
---|---|---|---|
Name | GLSA-201507-15 | First vendor Publication | 2015-07-10 |
Vendor | Gentoo | Last vendor Modification | 2015-07-10 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 6.4 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Certain checks on untrusted certificates can be bypassed. Background Description Impact Workaround Resolution References Availability https://security.gentoo.org/glsa/201507-15 |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201507-15.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-254 | Security Features |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:29158 | |||
Oval ID: | oval:org.mitre.oval:def:29158 | ||
Title: | HP-UX OpenSSL Vulnerability (Alternative Chain Certificate Forgery) | ||
Description: | The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2015-1793 | Version: | 1 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 | |
Application | 2 | |
Application | 3 |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-08-27 | IAVM : 2015-A-0203 - Multiple Cisco Products Certificate Forgery Vulnerability Severity : Category I - VMSKEY : V0061345 |
2015-07-09 | IAVM : 2015-A-0144 - OpenSSL Certificate Validation Vulnerability Severity : Category I - VMSKEY : V0061067 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-08-20 | OpenSSL alternative chains certificate forgery attempt RuleID : 35307 - Revision : 2 - Type : SERVER-OTHER |
2015-08-11 | OpenSSL anomalous x509 certificate with default org name and certificate chai... RuleID : 35111 - Revision : 5 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-24 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_5_4.nasl - Type : ACT_GATHER_INFO |
2016-01-21 | Name : The remote host has an enterprise management application installed that is af... File : oracle_enterprise_manager_jan_2016_cpu.nasl - Type : ACT_GATHER_INFO |
2015-12-21 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2303-1.nasl - Type : ACT_GATHER_INFO |
2015-12-17 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-889.nasl - Type : ACT_GATHER_INFO |
2015-10-29 | Name : The remote host is missing one or more security updates. File : mysql_5_6_26_rpm.nasl - Type : ACT_GATHER_INFO |
2015-10-22 | Name : The remote database server is affected by multiple vulnerabilities. File : mysql_5_6_27.nasl - Type : ACT_GATHER_INFO |
2015-09-23 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201507-15.nasl - Type : ACT_GATHER_INFO |
2015-09-23 | Name : The management application installed on the remote host is affected by a cert... File : cisco-sa-CSCuv26213-prsm.nasl - Type : ACT_GATHER_INFO |
2015-09-23 | Name : The remote security device is missing a vendor-supplied security patch. File : cisco-sa-CSCuv26213-asa-cx.nasl - Type : ACT_GATHER_INFO |
2015-08-28 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20150710-openssl-VSG.nasl - Type : ACT_GATHER_INFO |
2015-08-21 | Name : The remote web server is running an application that is affected by multiple ... File : splunk_625.nasl - Type : ACT_GATHER_INFO |
2015-08-20 | Name : The remote application is affected by a certificate validation bypass vulnera... File : securitycenter_openssl_1_0_1p.nasl - Type : ACT_GATHER_INFO |
2015-07-14 | Name : The remote Fedora host is missing a security update. File : fedora_2015-11475.nasl - Type : ACT_GATHER_INFO |
2015-07-14 | Name : The remote Fedora host is missing a security update. File : fedora_2015-11414.nasl - Type : ACT_GATHER_INFO |
2015-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2015-190-01.nasl - Type : ACT_GATHER_INFO |
2015-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_075952fe267e11e59d033c970e169bc2.nasl - Type : ACT_GATHER_INFO |
2015-07-13 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-564.nasl - Type : ACT_GATHER_INFO |
2015-07-09 | Name : The remote host is affected by multiple vulnerabilities. File : openssl_1_0_2d.nasl - Type : ACT_GATHER_INFO |
2015-07-09 | Name : The remote host is affected by multiple vulnerabilities. File : openssl_1_0_1p.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-01-22 09:26:19 |
|
2015-09-24 13:24:34 |
|
2015-07-10 17:30:01 |
|
2015-07-10 17:25:34 |
|