OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
Publish Date: 11 August 2015
Severity: Critical
CVE Identifiers: CVE-2015-1793
Notification Date: 09 July 2015
Description
A certificate forgery security bypass has been reported in OpenSSL. This is due to incorrectly implemented certificate verification in OpenSSL. An attacker could use a crafted certificate to bypass certain checks. Successful exploitation could allow a remote attacker to bypass intended access restrictions.
Exposure Information:
Vulnerability Protection in Trend Micro Deep Security protects user systems from threats that may leverage this vulnerability with the following DPI rules:
- 1006855 – OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
- 1006856 – OpenSSL Client Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
Solutions
Affected software and version:
- OpenSSL 1.0.2c
- OpenSSL 1.0.2b
- OpenSSL 1.0.1n
- OpenSSL 1.0.1o