Vulnerability Details : CVE-2015-0293
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2015-0293
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0293
- EPSS score: 47.72% (probability of exploitation activity in the next 30 days)
- Percentile: ~98% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-0293
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2015-0293
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0293
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
  Oracle Critical Patch Update - January 2016
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
  [security-announce] openSUSE-SU-2016:0638-1: important: Security update
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html
  [security-announce] SUSE-SU-2015:0541-1: important: Security update for
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
  [security-announce] SUSE-SU-2016:0620-1: important: Security update for
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
  [security-announce] SUSE-SU-2016:0617-1: important: Security update for
- http://www.ubuntu.com/usn/USN-2537-1
  USN-2537-1: OpenSSL vulnerabilities | Ubuntu security notices
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
  [security-announce] SUSE-SU-2016:0631-1: important: Security update for
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
  [security-announce] openSUSE-SU-2016:0640-1: important: Security update
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
  Oracle Solaris Third Party Bulletin - April 2015
- http://rhn.redhat.com/errata/RHSA-2015-0800.html
  RHSA-2015:0800 - Security Advisory - Red Hat Customer Portal
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
  Oracle Critical Patch Update - January 2018
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html
  [SECURITY] Fedora 20 Update: openssl-1.0.1e-42.fc20
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
  [security-announce] SUSE-SU-2016:0621-1: important: Security update for
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
  Apple - Lists.apple.com
- http://rhn.redhat.com/errata/RHSA-2015-0715.html
  RHSA-2015:0715 - Security Advisory - Red Hat Customer Portal
- http://marc.info/?l=bugtraq&m=143748090628601&w=2
  '[security bulletin] HPSBMU03380 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Mu' - MARC
- https://security.gentoo.org/glsa/201503-11
  OpenSSL: Multiple vulnerabilities (GLSA 201503-11) — Gentoo security
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680
  Juniper Networks - 2015-04 Security Bulletin: OpenSSL 19th March 2015 advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
  [security-announce] openSUSE-SU-2016:0628-1: important: Security update
- http://www.securitytracker.com/id/1031929
  OpenSSL Multiple Flaws Let Remote Users Deny Service - SecurityTracker
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html
  [SECURITY] Fedora 22 Update: mingw-openssl-1.0.2a-1.fc22
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
  [security-announce] SUSE-SU-2016:0624-1: important: Security update for
- http://marc.info/?l=bugtraq&m=144050297101809&w=2
  '[security bulletin] HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux, Multipl' - MARC
- https://bugzilla.redhat.com/show_bug.cgi?id=1202404
  1202404 – (CVE-2015-0293) CVE-2015-0293 openssl: assertion failure in SSLv2 servers
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html
  [SECURITY] Fedora 21 Update: openssl-1.0.1k-6.fc21
- https://bto.bluecoat.com/security-advisory/sa92
  SA92 : OpenSSL Security Advisory 19-Mar-2015
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
  Oracle Critical Patch Update - October 2017
- https://git.openssl.org/?p=openssl.git;a=commit;h=86f8fb0e344d62454f8daf3e15236b2b59210756
  git.openssl.org Git - openssl.git/commit
- https://kc.mcafee.com/corporate/index?page=content&id=SB10110
  McAfee Security Bulletin: Fourteen OpenSSL CVEs Announced on March 19, 2015
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
  Oracle Linux Bulletin - January 2016
- http://marc.info/?l=bugtraq&m=143213830203296&w=2
  '[security bulletin] HPSBUX03334 SSRT102000 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (' - MARC
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
  Oracle Bulletin Board Update - January 2015
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
  [security-announce] SUSE-SU-2015:0578-1: important: Security update for
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html
  [SECURITY] Fedora 21 Update: mingw-openssl-1.0.2a-1.fc21
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html
  openSUSE-SU-2015:0554-1: moderate: Security update for openssl
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:063
  mandriva.com
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
  [security-announce] openSUSE-SU-2016:0637-1: important: Security update
- https://www.openssl.org/news/secadv_20150319.txt
  Vendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
  [security-announce] SUSE-SU-2016:1057-1: important: Security update for
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
  Oracle Critical Patch Update - July 2015
- http://rhn.redhat.com/errata/RHSA-2015-0752.html
  RHSA-2015:0752 - Security Advisory - Red Hat Customer Portal
- http://marc.info/?l=bugtraq&m=144050155601375&w=2
  '[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities' - MARC
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
  [security-announce] openSUSE-SU-2016:0720-1: important: Security update
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- http://rhn.redhat.com/errata/RHSA-2015-0716.html
  RHSA-2015:0716 - Security Advisory - Red Hat Customer Portal
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
  mandriva.com
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html
  [SECURITY] Fedora 22 Update: openssl-1.0.1k-6.fc22
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
  Oracle Critical Patch Update - October 2015
- https://access.redhat.com/articles/1384453
  Access denied - Red Hat Customer Portal
- https://support.citrix.com/article/CTX216642
  Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware
- http://support.apple.com/kb/HT204942
  About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005 - Apple Support
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
  [security-announce] SUSE-SU-2016:0641-1: important: Security update for
- https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc
- http://www.securityfocus.com/bid/73232
  OpenSSL CVE-2015-0293 Denial of Service Vulnerability