CVEs with nessus.description==According to its banner, the remote host is running a version of OpenSSL 1.0.2 prior to 1.0.2d. It is, therefore, affected by the following vulnerabilities :

- A certificate validation bypass vulnerability exists due to a flaw in the X509_verify_cert() function in x509_vfy.c that is triggered when locating alternate certificate chains when the first attempt to build such a chain fails. A remote attacker can exploit this, by using a valid leaf certificate as a certificate authority (CA), to issue invalid certificates that will bypass authentication. (CVE-2015-1793)
- A race condition exists in s3_clnt.c that is triggered when PSK identity hints are incorrectly updated in the parent SSL_CTX structure when they are received by a multi-threaded client. A remote attacker can exploit this, via a crafted ServerKeyExchange message, to cause a double-free memory error, resulting in a denial of service. (CVE-2015-3196)

| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |

| ID | CVSS | Summary | Last (major) update | Published |