QwikSec

Security Database

CVE

CWE

Training

CVE-2015-0205

Published: Jan 9, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openssl-cve20150205-sec-bypass(99708)

vdb-entry

x_refsource_XF

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

x_refsource_CONFIRM

openSUSE-SU-2015:0130

vendor-advisory

x_refsource_SUSE

20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products

vendor-advisory

x_refsource_CISCO

https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3

x_refsource_CONFIRM

vendor-advisory

x_refsource_HP

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_HP

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

x_refsource_CONFIRM

FEDORA-2015-0601

vendor-advisory

x_refsource_FEDORA

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_HP

https://www.openssl.org/news/secadv_20150108.txt

x_refsource_CONFIRM

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

x_refsource_CONFIRM

vendor-advisory

x_refsource_MANDRIVA

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

x_refsource_CONFIRM

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679

x_refsource_CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

x_refsource_CONFIRM

openSUSE-SU-2015:1277

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

https://kc.mcafee.com/corporate/index?page=content&id=SB10108

x_refsource_CONFIRM

SUSE-SU-2015:0578

vendor-advisory

x_refsource_SUSE

https://kc.mcafee.com/corporate/index?page=content&id=SB10102

x_refsource_CONFIRM

SUSE-SU-2015:0946

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_HP

vdb-entry

x_refsource_BID

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_HP

vendor-advisory

x_refsource_MANDRIVA

https://support.citrix.com/article/CTX216642

x_refsource_CONFIRM

vendor-advisory

x_refsource_HP

https://bto.bluecoat.com/security-advisory/sa88

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

FEDORA-2015-0512

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.