QwikSec

Security Database

CVE

CWE

Training

CVE-2015-1793

Published: Jul 9, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_HP

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

x_refsource_CONFIRM

20150710 OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products

vendor-advisory

x_refsource_CISCO

https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8

x_refsource_CONFIRM

FreeBSD-SA-15:12

vendor-advisory

x_refsource_FREEBSD

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351

x_refsource_CONFIRM

FEDORA-2015-11414

vendor-advisory

x_refsource_FEDORA

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

x_refsource_CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

x_refsource_CONFIRM

http://openssl.org/news/secadv_20150709.txt

x_refsource_CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

x_refsource_CONFIRM

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

x_refsource_CONFIRM

vendor-advisory

x_refsource_HP

FEDORA-2015-11475

vendor-advisory

x_refsource_FEDORA

http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery

x_refsource_CONFIRM

https://kc.mcafee.com/corporate/index?page=content&id=SB10125

x_refsource_CONFIRM

http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery

x_refsource_CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_HP

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

SSA:2015-190-01

vendor-advisory

x_refsource_SLACKWARE

NetBSD-SA2015-008

vendor-advisory

x_refsource_NETBSD

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.