Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2015-1787
Last Modified 16 Jul 2015 10:02:09
Published 19 Mar 2015 06:59:12
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2015-1787

Summary

The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.

Vulnerable Systems

Application

  • OpenSSL 1.0.2


References

CONFIRM - https://www.openssl.org/news/secadv_20150319.txt

CONFIRM - https://git.openssl.org/?p=openssl.git;a=commit;h=b19d8143212ae5fbc9cebfd51c01f802fabccd33

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1202406

SECTRACK - 1031929

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html


Last Updated: 27 May 2016 10:55:49