Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2015-0293

Published: 19/03/2015 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Openssl

Vulnerability Summary

The SSLv2 implementation in OpenSSL prior to 0.9.8zf, 1.0.0 prior to 1.0.0r, 1.0.1 prior to 1.0.1m, and 1.0.2 prior to 1.0.2a allows remote malicious users to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl 1.0.1j

openssl openssl 1.0.0n

openssl openssl 1.0.0c

openssl openssl 1.0.0i

openssl openssl 1.0.1h

openssl openssl 1.0.0m

openssl openssl 1.0.1c

openssl openssl 1.0.1g

openssl openssl 1.0.0h

openssl openssl 1.0.0e

openssl openssl 1.0.0f

openssl openssl 1.0.0d

openssl openssl 1.0.0j

openssl openssl 1.0.0p

openssl openssl 1.0.1a

openssl openssl 1.0.0o

openssl openssl 1.0.1d

openssl openssl 1.0.0k

openssl openssl 1.0.1k

openssl openssl 1.0.0

openssl openssl 1.0.1b

openssl openssl 1.0.1e

openssl openssl 1.0.1l

openssl openssl 1.0.1f

openssl openssl 1.0.0l

openssl openssl 1.0.2

openssl openssl 1.0.0a

openssl openssl 1.0.0q

openssl openssl 1.0.1i

openssl openssl 1.0.0b

openssl openssl 1.0.1

openssl openssl 1.0.0g

openssl openssl

Vendor Advisories

Ubuntu Security Notice: openssl vulnerabilities
Several security issues were fixed in OpenSSL ...
Amazon Linux AMI: ALAS-2016-682
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled (CVE-2015-0293) It was discovered that the SSLv2 servers using OpenSSL accepted ...
Amazon Linux AMI: ALAS-2015-498
A use-after-free flaw was found in the way OpenSSL importrf certain Elliptic Curve private keys An attacker could use this flaw to crash OpenSSL, if a specially-crafted certificate was imported (CVE-2015-0209) A denial of service flaw was found in the way OpenSSL handled certain SSLv2 messages A malicious client could send a specially crafted SS ...
Red Hat: CVE-2015-0293
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled ...
Cisco: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory On March 19, 2015, the OpenSSL Project released a security advisory detailing 13 distinct vulner ...
Tenable Security Advisories: [R6] OpenSSL '20150319' Advisory Affects Tenable Products
Nessus is potentially impacted by seven vulnerabilities in OpenSSL that were recently disclosed and fixed OpenSSL contains an invalid read flaw in the ASN1_TYPE_cmp() function in crypto/asn1/a_typec that is triggered when an attempt is made to compare ASN1 boolean types This may allow a context-dependent attacker to crash an application linked ...
Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware
Description of Problem A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler-based hardware appliances: Citrix NetScaler Application Delivery Controller (ADC) Citrix NetScaler Gateway Citrix NetScaler Service Delivery Appliance Citrix CloudBridge (now NetScaler S ...

ICS Advisories

Siemens SCALANCE X-200RNA Switch Devices

References

CWE-20https://bugzilla.redhat.com/show_bug.cgi?id=1202404https://www.openssl.org/news/secadv_20150319.txthttp://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.htmlhttp://lists.opensuse.org/opensuse-updates/2015-03/msg00062.htmlhttps://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.aschttp://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.htmlhttp://www.ubuntu.com/usn/USN-2537-1http://www.securitytracker.com/id/1031929http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0716.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:063http://www.mandriva.com/security/advisories?name=MDVSA-2015:062http://rhn.redhat.com/errata/RHSA-2015-0752.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0715.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0800.htmlhttps://access.redhat.com/articles/1384453http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.htmlhttp://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlhttp://support.apple.com/kb/HT204942http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlhttps://bto.bluecoat.com/security-advisory/sa92http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlhttp://marc.info/?l=bugtraq&m=144050297101809&w=2http://marc.info/?l=bugtraq&m=143213830203296&w=2http://marc.info/?l=bugtraq&m=143748090628601&w=2http://marc.info/?l=bugtraq&m=144050155601375&w=2http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.htmlhttps://security.gentoo.org/glsa/201503-11http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680https://kc.mcafee.com/corporate/index?page=content&id=SB10110http://www.securityfocus.com/bid/73232http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttps://support.citrix.com/article/CTX216642http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=86f8fb0e344d62454f8daf3e15236b2b59210756https://nvd.nist.govhttps://usn.ubuntu.com/2537-1/https://access.redhat.com/security/cve/cve-2015-0293https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook