ALT-PU-2015-1602-1
Closed vulnerabilities
Published: 2015-07-09
BDU:2015-11040
Уязвимость библиотеки OpenSSL, позволяющая нарушителю нарушить штатную процедуру проверки цепочек сертификатов
Severity: MEDIUM (6.4)
References:
Published: 2015-07-09
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-1793
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
Severity: MEDIUM (6.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
References:
- http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
- http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
- NetBSD-SA2015-008
- NetBSD-SA2015-008
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
- FEDORA-2015-11414
- FEDORA-2015-11414
- FEDORA-2015-11475
- FEDORA-2015-11475
- HPSBUX03388
- HPSBUX03388
- SSRT102180
- SSRT102180
- HPSBGN03424
- HPSBGN03424
- http://openssl.org/news/secadv_20150709.txt
- http://openssl.org/news/secadv_20150709.txt
- 20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
- 20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
- http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
- http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- 75652
- 75652
- 91787
- 91787
- 1032817
- 1032817
- SSA:2015-190-01
- SSA:2015-190-01
- http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm
- http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://kc.mcafee.com/corporate/index?page=content&id=SB10125
- https://kc.mcafee.com/corporate/index?page=content&id=SB10125
- GLSA-201507-15
- GLSA-201507-15
- 38640
- 38640
- FreeBSD-SA-15:12
- FreeBSD-SA-15:12