Home

CVE-2015-1793

Description

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
82.685

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2015-3196,CVE-2015-1793 are fixed in OpenSSL (x64) 1.0.1pWindows
Vulnerabilities CVE-2015-3196,CVE-2015-1793 are fixed in OpenSSL (x64) 1.0.2dWindows
Multiple vulnerabilities affected in Mysql 5.6.21Windows
Multiple vulnerabilities affected in Mysql 5.6.22Windows
Multiple vulnerabilities affected in Mysql 5.6.23Windows
Multiple vulnerabilities affected in Mysql 5.6.24Windows
Multiple vulnerabilities affected in Mysql 5.6.25Windows
Multiple vulnerabilities affected in Mysql 5.6.26Windows
Multiple vulnerabilities affected in Mysql 5.6.35Windows
Multiple vulnerabilities affected in Mysql 5.6.9Windows
Vulnerabilities CVE-2012-3147,CVE-2015-1793 are affected in Mysql 6.4Windows
Vulnerabilities CVE-2015-1793 are affected in JD Edwards EnterpriseOne Tools 9.1Windows
Multiple Vulnerabilities are affected in JD Edwards EnterpriseOne Tools 9.2Windows
Multiple vulnerabilities affected in Mysql 5.6.21 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.22 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.23 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.24 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.25 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.26 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.35 (For Linux)Linux
Multiple vulnerabilities affected in Mysql 5.6.9 (For Linux)Linux
OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products For Cisco IOS XE SoftwareNCM
OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products For Cisco NX-OS SoftwareNCM
CVE-2015-1793NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1706107Security Update for Cisco IOS XE Software 5.2(1)SV5(1.3a)
PATCH-1706149Security Update for Cisco NX-OS Software 4.1(3a)UCSM

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234