5

CVE-2014-8275

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version <= 0.9.8zc
OpenSSLOpenSSL Version1.0.0a
OpenSSLOpenSSL Version1.0.0b
OpenSSLOpenSSL Version1.0.0c
OpenSSLOpenSSL Version1.0.0d
OpenSSLOpenSSL Version1.0.0e
OpenSSLOpenSSL Version1.0.0f
OpenSSLOpenSSL Version1.0.0g
OpenSSLOpenSSL Version1.0.0h
OpenSSLOpenSSL Version1.0.0i
OpenSSLOpenSSL Version1.0.0j
OpenSSLOpenSSL Version1.0.0k
OpenSSLOpenSSL Version1.0.0l
OpenSSLOpenSSL Version1.0.0m
OpenSSLOpenSSL Version1.0.0n
OpenSSLOpenSSL Version1.0.0o
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
OpenSSLOpenSSL Version1.0.1i
OpenSSLOpenSSL Version1.0.1j
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 16.53% 0.966
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://marc.info/?l=bugtraq&m=144050155601375&w=2
https://support.citrix.com/article/CTX216642
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
https://support.apple.com/HT204659
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
http://marc.info/?l=bugtraq&m=142496179803395&w=2
http://marc.info/?l=bugtraq&m=142496289803847&w=2
http://marc.info/?l=bugtraq&m=142721102728110&w=2
http://marc.info/?l=bugtraq&m=142895206924048&w=2
http://marc.info/?l=bugtraq&m=144050205101530&w=2
http://marc.info/?l=bugtraq&m=144050254401665&w=2
http://marc.info/?l=bugtraq&m=144050297101809&w=2
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl
http://www.debian.org/security/2015/dsa-3125
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
http://www.securitytracker.com/id/1033378
https://bto.bluecoat.com/security-advisory/sa88
https://kc.mcafee.com/corporate/index?page=content&id=SB10102
https://kc.mcafee.com/corporate/index?page=content&id=SB10108
https://www.openssl.org/news/secadv_20150108.txt
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
http://marc.info/?l=bugtraq&m=142720981827617&w=2
http://rhn.redhat.com/errata/RHSA-2015-0066.html
http://rhn.redhat.com/errata/RHSA-2015-0800.html
http://www.securityfocus.com/bid/71935
https://github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3e
https://github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811b