1. CVE-Search
  2. CVE-2015-1793
ID CVE-2015-1793
Summary The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:supply_chain_products_suite:6.1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:supply_chain_products_suite:6.1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:supply_chain_products_suite:6.1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:supply_chain_products_suite:6.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:supply_chain_products_suite:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:supply_chain_products_suite:6.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:opus_10g_ethernet_switch_family:1.2.2.13:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:opus_10g_ethernet_switch_family:1.2.2.13:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:opus_10g_ethernet_switch_family:1.2.2.15:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:opus_10g_ethernet_switch_family:1.2.2.15:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:opus_10g_ethernet_switch_family:1.3.1.13:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:opus_10g_ethernet_switch_family:1.3.1.13:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:opus_10g_ethernet_switch_family:2.0.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:opus_10g_ethernet_switch_family:2.0.0.6:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 30-11-2018 - 21:30)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bid
  • 75652
  • 91787
cisco 20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
confirm
exploit-db 38640
fedora
  • FEDORA-2015-11414
  • FEDORA-2015-11475
freebsd FreeBSD-SA-15:12
gentoo GLSA-201507-15
hp
  • HPSBGN03424
  • HPSBUX03388
  • SSRT102180
netbsd NetBSD-SA2015-008
sectrack 1032817
slackware SSA:2015-190-01
Last major update 30-11-2018 - 21:30
Published 09-07-2015 - 19:17
Last modified 30-11-2018 - 21:30
Back to Top