Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2014-8275

Published: 09/01/2015 Updated: 15/11/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Openssl

Vulnerability Summary

OpenSSL prior to 0.9.8zd, 1.0.0 prior to 1.0.0p, and 1.0.1 prior to 1.0.1k does not enforce certain constraints on certificate data, which allows remote malicious users to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl

openssl openssl 1.0.0g

openssl openssl 1.0.0h

openssl openssl 1.0.1j

openssl openssl 1.0.1i

openssl openssl 1.0.1b

openssl openssl 1.0.1a

openssl openssl 1.0.0c

openssl openssl 1.0.0d

openssl openssl 1.0.0k

openssl openssl 1.0.0l

openssl openssl 1.0.1f

openssl openssl 1.0.1e

openssl openssl 1.0.0e

openssl openssl 1.0.0f

openssl openssl 1.0.0m

openssl openssl 1.0.0n

openssl openssl 1.0.0o

openssl openssl 1.0.1d

openssl openssl 1.0.1c

openssl openssl 1.0.0a

openssl openssl 1.0.0b

openssl openssl 1.0.0i

openssl openssl 1.0.0j

openssl openssl 1.0.1h

openssl openssl 1.0.1g

Vendor Advisories

Red Hat: Moderate: openssl security update
Synopsis Moderate: openssl security update Type/Severity Security Advisory: Moderate Topic Updated openssl packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 6 and 7Red Hat Product Security has rated this update as having Moderate securityimpact Common Vulnerability S ...
Ubuntu Security Notice: openssl vulnerabilities
Several security issues were fixed in OpenSSL ...
Debian Security Advisories: DSA-3125-1 openssl -- security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-3569 Frank Schmirler reported that the ssl23_get_client_hello function in OpenSSL does not properly handle attempts to use unsupported protocols When OpenS ...
Amazon Linux AMI: ALAS-2015-469
OpenSSL before 098zd, 100 before 100p, and 101 before 101k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_p ...
Red Hat: CVE-2014-8275
Multiple flaws were found in the way OpenSSL parsed X509 certificates An attacker could use these flaws to modify an X509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications ...
Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service condition or perform a man-in-the-middle attack On January 8, 2015, the OpenSSL Project released a security advisory detailing eight distinct vulnerabilities ...
Tenable Security Advisories: [R6] OpenSSL '20150319' Advisory Affects Tenable Products
Nessus is potentially impacted by seven vulnerabilities in OpenSSL that were recently disclosed and fixed OpenSSL contains an invalid read flaw in the ASN1_TYPE_cmp() function in crypto/asn1/a_typec that is triggered when an attempt is made to compare ASN1 boolean types This may allow a context-dependent attacker to crash an application linked ...
Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware
Description of Problem A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler-based hardware appliances: Citrix NetScaler Application Delivery Controller (ADC) Citrix NetScaler Gateway Citrix NetScaler Service Delivery Appliance Citrix CloudBridge (now NetScaler S ...

Github Repositories

https://github.com/neominds/JPN_RIC13351-2

JPN_RIC13351-2 VxWorks 61 Support for CVE-2015-0205, CVE-2014-3572, CVE-2015-0204, CVE-2014-8275, CVE-2014-8275 Feb-Apr 2015 See docs/JPN_RIC13351-2_HowTo_Install_Build_Test_v07docx for detailed instructions

References

CWE-310https://www.openssl.org/news/secadv_20150108.txthttps://github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811bhttps://github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3ehttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:019http://www.debian.org/security/2015/dsa-3125http://marc.info/?l=bugtraq&m=142496289803847&w=2http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.htmlhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-sslhttp://rhn.redhat.com/errata/RHSA-2015-0066.htmlhttp://marc.info/?l=bugtraq&m=142720981827617&w=2http://marc.info/?l=bugtraq&m=142721102728110&w=2http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:062http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttps://support.apple.com/HT204659http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0800.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://marc.info/?l=bugtraq&m=144050297101809&w=2http://marc.info/?l=bugtraq&m=144050254401665&w=2http://marc.info/?l=bugtraq&m=143748090628601&w=2http://marc.info/?l=bugtraq&m=144050155601375&w=2http://marc.info/?l=bugtraq&m=142895206924048&w=2http://marc.info/?l=bugtraq&m=144050205101530&w=2http://marc.info/?l=bugtraq&m=142496179803395&w=2http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlhttps://bto.bluecoat.com/security-advisory/sa88http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679http://www.securitytracker.com/id/1033378http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlhttps://kc.mcafee.com/corporate/index?page=content&id=SB10108https://kc.mcafee.com/corporate/index?page=content&id=SB10102http://www.securityfocus.com/bid/71935http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttps://support.citrix.com/article/CTX216642https://access.redhat.com/errata/RHSA-2015:0066https://usn.ubuntu.com/2459-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2014-8275
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook