Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
392
VMScore

CVE-2015-1789

Published: 12/06/2015 Updated: 13/02/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 392
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Openssl

Vulnerability Summary

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL prior to 0.9.8zg, 1.0.0 prior to 1.0.0s, 1.0.1 prior to 1.0.1n, and 1.0.2 prior to 1.0.2b allows remote malicious users to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl

openssl openssl 1.0.1m

openssl openssl 1.0.2a

openssl openssl 1.0.1j

openssl openssl 1.0.0n

openssl openssl 1.0.1

openssl openssl 1.0.0c

openssl openssl 1.0.0i

openssl openssl 1.0.0

openssl openssl 1.0.1h

openssl openssl 1.0.0m

openssl openssl 1.0.1c

openssl openssl 1.0.1g

openssl openssl 1.0.0h

openssl openssl 1.0.0e

openssl openssl 1.0.0f

openssl openssl 1.0.0d

openssl openssl 1.0.0j

openssl openssl 1.0.0p

openssl openssl 1.0.1a

openssl openssl 1.0.0o

openssl openssl 1.0.1d

openssl openssl 1.0.0k

openssl openssl 1.0.2

openssl openssl 1.0.1k

openssl openssl 1.0.1b

openssl openssl 1.0.1e

openssl openssl 1.0.1l

openssl openssl 1.0.1f

openssl openssl 1.0.0l

openssl openssl 1.0.0r

openssl openssl 1.0.0a

openssl openssl 1.0.0q

openssl openssl 1.0.1i

openssl openssl 1.0.0b

openssl openssl 1.0.0g

oracle sparc-opl service processor

Vendor Advisories

Ubuntu Security Notice: openssl vulnerabilities
Several security issues were fixed in OpenSSL ...
Amazon Linux AMI: ALAS-2015-550
LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites) An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation This can lead to a passive man-in-the-middle attack in ...
Red Hat: CVE-2015-1789
An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash ...
Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct vulnerabilities, and another fix that provides hardening protections against exploits as described in the Logjam research Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthe ...
Tenable Security Advisories: [R7] OpenSSL '20150611' Advisory Affects Tenable Products
Nessus and SecurityCenter are potentially impacted by several vulnerabilities in OpenSSL that were recently disclosed and fixed Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to patch the included version of OpenSSL as a precaution, and to save time CVE-2015-1788 - OpenSSL crypto/bn/bn_gf2mc BN_GF2m ...
Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware
Description of Problem A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler-based hardware appliances: Citrix NetScaler Application Delivery Controller (ADC) Citrix NetScaler Gateway Citrix NetScaler Service Delivery Appliance Citrix CloudBridge (now NetScaler S ...

ICS Advisories

Siemens SCALANCE X-200RNA Switch Devices

Recent Articles

HPE rushes out patch for more than a year of OpenSSL vulns
The Register • Richard Chirgwin • 06 Jul 2016

Logjam in patch pipeline cleared at last

HP Enterprise has popped into its Tardis, and gone back in time to patch OpenSSL bugs dating back to 2014 – including the infamous Logjam bug. The bugs are in various network products: Intelligent Management Center (iMC), the VCX unified communications products, and the Comware network operating system. The company's notice cites Common Vulnerability and Exposure (CVE) advisories CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, and CVE-2015-1793. Most o...

Read more...

References

CWE-119https://www.openssl.org/news/secadv_20150611.txthttps://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlhttps://support.apple.com/kb/HT205031http://marc.info/?l=bugtraq&m=143880121627664&w=2http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.securityfocus.com/bid/91787https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763http://marc.info/?l=bugtraq&m=143654156615516&w=2http://marc.info/?l=bugtraq&m=144050155601375&w=2http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.securityfocus.com/bid/75156https://openssl.org/news/secadv/20150611.txthttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015https://bto.bluecoat.com/security-advisory/sa98http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965https://security.gentoo.org/glsa/201506-02http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.htmlhttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.aschttps://kc.mcafee.com/corporate/index?page=content&id=SB10122http://rhn.redhat.com/errata/RHSA-2015-1115.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.htmlhttp://www.ubuntu.com/usn/USN-2639-1http://www.securitytracker.com/id/1032564http://www.debian.org/security/2015/dsa-3287http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-opensslhttp://rhn.redhat.com/errata/RHSA-2015-1197.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttps://support.citrix.com/article/CTX216642https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://usn.ubuntu.com/2639-1/https://nvd.nist.govhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook