CVE-2015-1791

Published: 12/06/2015 Updated: 13/12/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL prior to 0.9.8zg, 1.0.0 prior to 1.0.0s, 1.0.1 prior to 1.0.1n, and 1.0.2 prior to 1.0.2b, when used for a multi-threaded client, allows remote malicious users to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.

Vulnerable Product

openssl openssl

openssl openssl 1.0.1m

openssl openssl 1.0.2a

openssl openssl 1.0.1j

openssl openssl 1.0.0n

openssl openssl 1.0.1

openssl openssl 1.0.0c

openssl openssl 1.0.0i

openssl openssl 1.0.0

openssl openssl 1.0.1h

openssl openssl 1.0.0m

openssl openssl 1.0.1c

openssl openssl 1.0.1g

openssl openssl 1.0.0h

openssl openssl 1.0.0e

openssl openssl 1.0.0f

openssl openssl 1.0.0d

openssl openssl 1.0.0j

openssl openssl 1.0.0p

openssl openssl 1.0.1a

openssl openssl 1.0.0o

openssl openssl 1.0.1d

openssl openssl 1.0.0k

openssl openssl 1.0.2

openssl openssl 1.0.1k

openssl openssl 1.0.1b

openssl openssl 1.0.1e

openssl openssl 1.0.1l

openssl openssl 1.0.1f

openssl openssl 1.0.0l

openssl openssl 1.0.0r

openssl openssl 1.0.0a

openssl openssl 1.0.0q

openssl openssl 1.0.1i

openssl openssl 1.0.0b

openssl openssl 1.0.0g

Vendor Advisories

Several security issues were fixed in OpenSSL ...
LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in ...
A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash ...
On June 11, 2015, the OpenSSL Project released a security advisory detailing six distinct vulnerabilities, and another fix that provides hardening protections against exploits as described in the Logjam research. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthe ...
Description of Problem: A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler-based hardware appliances: Citrix NetScaler Application Delivery Controller (ADC), Citrix NetScaler Gateway, Citrix NetScaler Service Delivery Appliance, Citrix CloudBridge (now NetScaler S ...

Github Repositories

Repository of BinSeeker. I. Introduction of BinSeeker-: It's a vulnerability search tool for cross-platform binary. Given a vulnerability function f, BinSeeker- can identify whether a binary program contains the same vulnerability as f. Currently, it supports three architectures, such as X86, ARM32, MIPS32. II. Prerequisites: To use BinSeeker-, we need the following tools in

VulSeeker: A Semantic Learning Based Vulnerability Seeker For Cross-Platform Binary

Repository of VulSeeker. I. Introduction of VulSeeker: It's a semantic learning based vulnerability search tool for cross-platform binary. Given a vulnerability function f, VulSeeker can identify whether a binary program contains the same vulnerability as f. Currently, it supports six architectures, such as X86, X64, ARM32, ARM64, MIPS32, MIPS64. If you meet any problems, pl

IoT firmware vulnerability analysis tool based on binary code similarity analysis (BCSA)

Description: FirmKit is an IoT vulnerability analysis tool based on binary code similarity analysis (BCSA). FirmKit includes ground truth vulnerabilities in custom binaries, such as CGI binaries, for the top eight wireless router and IP camera vendors. Currently, FirmKit utilizes TikNib, which is a simple interpretable BCSA tool. In addition to TikNib's numeric preseman

Recent Articles

HPE rushes out patch for more than a year of OpenSSL vulns
The Register • Richard Chirgwin • 06 Jul 2016

Logjam in patch pipeline cleared at last

HP Enterprise has popped into its Tardis, and gone back in time to patch OpenSSL bugs dating back to 2014 – including the infamous Logjam bug. The bugs are in various network products: Intelligent Management Center (iMC), the VCX unified communications products, and the Comware network operating system. The company's notice cites Common Vulnerability and Exposure (CVE) advisories CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, and CVE-2015-1793. Most o...

References

CWE-362
https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc
https://www.openssl.org/news/secadv_20150611.txt
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
https://support.apple.com/kb/HT205031
http://marc.info/?l=bugtraq&m=143880121627664&w=2
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.securityfocus.com/bid/91787
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securityfocus.com/bid/75161
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
https://openssl.org/news/secadv/20150611.txt
http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
http://www-304.ibm.com/support/docview.wss?uid=swg21960041
https://bto.bluecoat.com/security-advisory/sa98
http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965
https://security.gentoo.org/glsa/201506-02
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
http://rhn.redhat.com/errata/RHSA-2015-1115.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html
http://www.ubuntu.com/usn/USN-2639-1
http://www.securitytracker.com/id/1032479
http://www.debian.org/security/2015/dsa-3287
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://support.citrix.com/article/CTX216642
https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://usn.ubuntu.com/2639-1/
https://nvd.nist.gov
https://access.redhat.com/security/cve/cve-2015-1791
https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21