OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
Publish Date: 11 August 2015
Severity: Critical
CVE Identifier(s): CVE-2015-1793
Advisory Date: 09 July 2015
Description
A certificate forgery security bypass vulnerability has been reported in OpenSSL. It is caused by incorrectly implemented certificate verification. An attacker could use a crafted certificate to bypass certain checks. Successful exploitation could allow a remote attacker to bypass intended access restrictions.
Information Exposure Rating:
Vulnerability Protection in Trend Micro Deep Security protects user systems from threats that may leverage this vulnerability with the following DPI rules:
- 1006855 – OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
- 1006856 – OpenSSL Client Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
Solutions
Affected software and versions:
- OpenSSL 1.0.2c
- OpenSSL 1.0.2b
- OpenSSL 1.0.1n
- OpenSSL 1.0.1o