ByteOS Network

CVE Vulnerability Details :

CVE-2015-1793

PUBLISHED

More Info Official Page

Assigner-redhat

Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749

Published At-09 Jul, 2015 | 19:00

Updated At-06 Aug, 2024 | 04:54

▼CVE Numbering Authority (CNA)

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

References

Hyperlink	Resource
http://marc.info/?l=bugtraq&m=143880121627664&w=2	vendor-advisory x_refsource_HP
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825	x_refsource_CONFIRM
http://www.securitytracker.com/id/1032817	vdb-entry x_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	x_refsource_CONFIRM
https://security.gentoo.org/glsa/201507-15	vendor-advisory x_refsource_GENTOO
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm	x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html	x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	x_refsource_CONFIRM
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl	vendor-advisory x_refsource_CISCO
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8	x_refsource_CONFIRM
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc	vendor-advisory x_refsource_FREEBSD
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351	x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html	vendor-advisory x_refsource_FEDORA
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html	x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	x_refsource_CONFIRM
http://openssl.org/news/secadv_20150709.txt	x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144370846326989&w=2	vendor-advisory x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html	vendor-advisory x_refsource_FEDORA
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery	x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10125	x_refsource_CONFIRM
http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery	x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	x_refsource_CONFIRM
http://www.securityfocus.com/bid/91787	vdb-entry x_refsource_BID
http://marc.info/?l=bugtraq&m=143880121627664&w=2	vendor-advisory x_refsource_HP
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763	x_refsource_CONFIRM
http://www.securityfocus.com/bid/75652	vdb-entry x_refsource_BID
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694	x_refsource_CONFIRM
https://www.exploit-db.com/exploits/38640/	exploit x_refsource_EXPLOIT-DB
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.561427	vendor-advisory x_refsource_SLACKWARE
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc	vendor-advisory x_refsource_NETBSD

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://marc.info/?l=bugtraq&m=143880121627664&w=2	vendor-advisory x_refsource_HP x_transferred
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825	x_refsource_CONFIRM x_transferred
http://www.securitytracker.com/id/1032817	vdb-entry x_refsource_SECTRACK x_transferred
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	x_refsource_CONFIRM x_transferred
https://security.gentoo.org/glsa/201507-15	vendor-advisory x_refsource_GENTOO x_transferred
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm	x_refsource_CONFIRM x_transferred
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html	x_refsource_CONFIRM x_transferred
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	x_refsource_CONFIRM x_transferred
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl	vendor-advisory x_refsource_CISCO x_transferred
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8	x_refsource_CONFIRM x_transferred
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc	vendor-advisory x_refsource_FREEBSD x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351	x_refsource_CONFIRM x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html	vendor-advisory x_refsource_FEDORA x_transferred
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html	x_refsource_CONFIRM x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	x_refsource_CONFIRM x_transferred
http://openssl.org/news/secadv_20150709.txt	x_refsource_CONFIRM x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM x_transferred
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes	x_refsource_CONFIRM x_transferred
http://marc.info/?l=bugtraq&m=144370846326989&w=2	vendor-advisory x_refsource_HP x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html	vendor-advisory x_refsource_FEDORA x_transferred
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery	x_refsource_CONFIRM x_transferred
https://kc.mcafee.com/corporate/index?page=content&id=SB10125	x_refsource_CONFIRM x_transferred
http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery	x_refsource_CONFIRM x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	x_refsource_CONFIRM x_transferred
http://www.securityfocus.com/bid/91787	vdb-entry x_refsource_BID x_transferred
http://marc.info/?l=bugtraq&m=143880121627664&w=2	vendor-advisory x_refsource_HP x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763	x_refsource_CONFIRM x_transferred
http://www.securityfocus.com/bid/75652	vdb-entry x_refsource_BID x_transferred
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694	x_refsource_CONFIRM x_transferred
https://www.exploit-db.com/exploits/38640/	exploit x_refsource_EXPLOIT-DB x_transferred
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.561427	vendor-advisory x_refsource_SLACKWARE x_transferred
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc	vendor-advisory x_refsource_NETBSD x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References