- Home
- CVEs with nessus.description==According to its self-reported version number, the Blue Coat ProxyAV
firmware installed on the remote device is 3.5.x prior to 3.5.4.1. It
is, therefore, affected by the following vulnerabilities in the
bundled version of OpenSSL :
- A NULL pointer dereference flaw exists in file
rsa_ameth.c due to improper handling of ASN.1 signatures
that are missing the PSS parameter. A remote attacker
can exploit this to cause the signature verification
routine to crash, resulting in a denial of service
condition. (CVE-2015-3194)
- A flaw exists in the ASN1_TFLG_COMBINE implementation in
file tasn_dec.c related to handling malformed
X509_ATTRIBUTE structures. A remote attacker can exploit
this to cause a memory leak by triggering a decoding
failure in a PKCS#7 or CMS application, resulting in a
denial of service. (CVE-2015-3195)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top