
CVE-2015-3197

Published: 15/02/2016 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 460
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

ssl/s2_srvr.c in OpenSSL 1.0.1 prior to 1.0.1r and 1.0.2 prior to 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.

Vulnerable Product

oracle tuxedo 12.1.1.0

oracle exalogic infrastructure 1.0

oracle exalogic infrastructure 2.0

oracle peoplesoft enterprise peopletools 8.54

oracle peoplesoft enterprise peopletools 8.53

oracle peoplesoft enterprise peopletools 8.55

openssl openssl 1.0.1m

openssl openssl 1.0.2a

openssl openssl 1.0.1j

openssl openssl 1.0.1

openssl openssl 1.0.1h

openssl openssl 1.0.2e

openssl openssl 1.0.2b

openssl openssl 1.0.1c

openssl openssl 1.0.1g

openssl openssl 1.0.1a

openssl openssl 1.0.1d

openssl openssl 1.0.2c

openssl openssl 1.0.2

openssl openssl 1.0.1p

openssl openssl 1.0.1k

openssl openssl 1.0.1b

openssl openssl 1.0.1n

openssl openssl 1.0.1q

openssl openssl 1.0.1e

openssl openssl 1.0.1l

openssl openssl 1.0.1f

openssl openssl 1.0.1o

openssl openssl 1.0.1i

openssl openssl 1.0.2d

oracle oss support tools 8.11.16.3.8

oracle vm virtualbox 5.0.16

Vendor Advisories

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled (CVE-2015-0293). It was discovered that the SSLv2 servers using OpenSSL accepted ...

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN (CVE-2016-0800). Pri ...

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks ...

On January 28, 2016, the OpenSSL Project released a security advisory detailing two vulnerabilities. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks on an SSL/TLS connection. This advisory will be ...

Exploits

Orion Elite Hidden IP Browser Pro versions 10 through 79 have insecure versions of Tor and OpenSSL included and also suffer from man-in-the-middle vulnerabilities ...

Nmap Scripts

sslv2-drown

Determines whether the server supports SSLv2, what ciphers it supports and tests for CVE-2015-3197, CVE-2016-0703 and CVE-2016-0800 (DROWN)

nmap -sV --script=sslv2-drown <target>

443/tcp open  https
| sslv2-drown:
|   ciphers:
|     SSL2_DES_192_EDE3_CBC_WITH_MD5
|     SSL2_IDEA_128_CBC_WITH_MD5
|     SSL2_RC2_128_CBC_WITH_MD5
|     SSL2_RC4_128_WITH_MD5
|     SSL2_DES_64_CBC_WITH_MD5
|   forced_ciphers:
|     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
|     SSL2_RC4_128_EXPORT40_WITH_MD5
|   vulns:
|     CVE-2016-0800:
|       title: OpenSSL: Cross-protocol attack on TLS using SSLv2 (DROWN)
|       state: VULNERABLE
|       ids:
|         CVE:CVE-2016-0800
|       description:
|         The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and
|         other products, requires a server to send a ServerVerify message before establishing
|         that a client possesses certain plaintext RSA data, which makes it easier for remote
|         attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding
|         oracle, aka a "DROWN" attack.
|
|       refs:
|         https://www.openssl.org/news/secadv/20160301.txt
|_        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800

Recent Articles

OpenSSL patch quashes rare HTTPS nasty, shores up crypto chops
The Register • Team Register • 29 Jan 2016

Feet up for the many, heads down and patch for the rest.

OpenSSL maintainers have pushed a pair of patches, crushing a dangerous but uncommon bug that allows HTTPS to be unravelled while also hardening servers against downgrade attacks. Affected servers are open to key recovery attacks only if they run certain Digital Signature Algorithm and static Diffie-Hellman key exchange subgroups, while running OpenSSL version 1.0.2. The high severity bug (CVE-2016-0701) was revealed by Adobe engineer Antonio Sanso and is fixed in version 1.0.2f. Carnegie Mello...

References

CWE-310
CWE-200
http://www.openssl.org/news/secadv/20160128.txt
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.securityfocus.com/bid/91787
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securityfocus.com/bid/82237
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
https://security.gentoo.org/glsa/201601-05
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:11.openssl.asc
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
https://www.kb.cert.org/vuls/id/257823
http://www.securitytracker.com/id/1034849
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d81a1600588b726c2bdccda7efad3cc7a87d6245
https://nvd.nist.gov
https://www.theregister.co.uk/2016/01/29/openssl_patch_quashes_rare_https_nasty_shores_up_crypto_chops/
https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21