CVE-2015-3197
Description
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
21.948
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update VM VirtualBox 5.0.16 to latest version | Windows |
| Vulnerabilities CVE-2015-3197 are fixed in OpenSSL (x64) 1.0.1r | Windows |
| Vulnerabilities CVE-2016-0701,CVE-2015-3197 are fixed in OpenSSL (x64) 1.0.2f | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.54 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.55 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.53 | Windows |
| Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 8.3 | Windows |
| Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 8.4 | Windows |
| Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 15.1 | Windows |
| Multiple vulnerabilities are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 15.2 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.53 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.54 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.55 | Windows |
| SUSE-SU-2016:0624-1(SUSE Linux Enterprise Desktop 11-SP4 ) libopenssl0_9_8-0.9.8j-0.89.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0624-1(SUSE Linux Enterprise Desktop 11-SP4 ) libopenssl0_9_8-32bit-0.9.8j-0.89.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0624-1(SUSE Linux Enterprise Desktop 11-SP4 ) openssl-0.9.8j-0.89.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0631-1(SUSE Linux Enterprise Desktop 11-SP4 ) compat-openssl097g-0.9.7g-146.22.41.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0631-1(SUSE Linux Enterprise Desktop 11-SP4 ) compat-openssl097g-32bit-0.9.7g-146.22.41.1.x86_64.rpm | Linux |
| SUSE-SU-2016:0678-1(SUSE Linux Enterprise Desktop 12-SP1 ) sled-admin_en-pdf-12.1-7.2.noarch.rpm | Linux |
| SUSE-SU-2016:0678-1(SUSE Linux Enterprise Desktop 12-SP1 ) sled-deployment_en-pdf-12.1-7.2.noarch.rpm | Linux |
| SUSE-SU-2016:0678-1(SUSE Linux Enterprise Desktop 12-SP1 ) sled-gnomeuser_en-pdf-12.1-7.2.noarch.rpm | Linux |
| SUSE-SU-2016:0678-1(SUSE Linux Enterprise Desktop 12-SP1 ) sled-installquick_en-pdf-12.1-7.2.noarch.rpm | Linux |
| SUSE-SU-2016:0678-1(SUSE Linux Enterprise Desktop 12-SP1 ) sled-manuals_en-12.1-7.2.noarch.rpm | Linux |
| SUSE-SU-2016:0678-1(SUSE Linux Enterprise Desktop 12-SP1 ) sled-security_en-pdf-12.1-7.2.noarch.rpm | Linux |
| SUSE-SU-2016:0678-1(SUSE Linux Enterprise Desktop 12-SP1 ) sled-tuning_en-pdf-12.1-7.2.noarch.rpm | Linux |
| Openssl098e update (ELSA-2016-0372) openssl098e-0.9.8e-20.0.1.el6_7.1.x86_64.rpm | Linux |
| Openssl098e update (ELSA-2016-0372) openssl098e-0.9.8e-20.0.1.el6_7.1.i686.rpm | Linux |
| Openssl098e update (ELSA-2016-0372) openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm | Linux |
| Openssl098e update (ELSA-2016-0372) openssl098e-0.9.8e-29.el7_2.3.i686.rpm | Linux |
| (RHSA-2016:0372)Important: security update openssl098e-0.9.8e-29.el7_2.3.i686.rpm | Linux |
| (RHSA-2016:0372)Important: security update openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm | Linux |
| (RHSA-2016:0372)Important: security update openssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm | Linux |
| (RHSA-2016:0372)Important: security update openssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm | Linux |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Emergency Responder | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Jabber for Windows | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco MediaSense | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Mobility Services Engine | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Prime Optical | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Prime Performance Manager | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Unified Contact Center Enterprise | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Unified Intelligence Center | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Unity Connection | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Unity Express | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco IronPort Encryption Appliance Software | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco IronPort Email Security Appliance Software | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco UCS Director | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Nexus 7000 Series Switches | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For CiscoPro Workgroup EtherSwitch Software | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Unified Computing System | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Prime Collaboration | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Unified Communications Licensing | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco TelePresence Video Communication Server Software | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Conductor | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco ONS 15454 Series Multiservice Provisioning Platforms | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco IPS 4200 Series Sensors | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco AS Series Media Processor Software | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco TelePresence Administration Software | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Unified Attendant Consoles | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco Unified Communications Manager (CallManager) | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco SIP IP Phone Software | NCM |
| Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products For Cisco IP Phone 8800 Series | NCM |
| CVE-2015-3197 | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-342239 | Oracle VM VirtualBox (7.1.4) |
| PATCH-1706049 | Security Update for Cisco Emergency Responder 12.0(0.98000.50) |
| PATCH-1705811 | Security Update for Cisco Jabber for Windows 11.6(1.38147) |
| PATCH-1705879 | Security Update for Cisco MediaSense 11.5(1.10000.6) |
| PATCH-1705808 | Security Update for Cisco Mobility Services Engine 8.0(130.12) |
| PATCH-1706040 | Security Update for Cisco Prime Optical 10.6(1) |
| PATCH-1706037 | Security Update for Cisco Prime Performance Manager 1.7(0.1703) |
| PATCH-1705943 | Security Update for Cisco Unified Contact Center Enterprise 11.6(1)SR0(0) |
| PATCH-1705886 | Security Update for Cisco Unified Intelligence Center 11.5(0.98000.126) |
| PATCH-1706048 | Security Update for Cisco Unity Connection 12.0(0.97000.184) |
| PATCH-1703070 | Security Update for Cisco Unity Express 6.2.1 |
| PATCH-1706003 | Security Update for Cisco IronPort Email Security Appliance Software 9.7.2-131 |
| PATCH-1705947 | Security Update for Cisco UCS Director 6.0(1.0) |
| PATCH-1705790 | Security Update for Cisco Nexus 7000 Series Switches 7.3(2)D1(1) |
| PATCH-1706035 | Security Update for CiscoPro Workgroup EtherSwitch Software 6.0(2)A8(4) |
| PATCH-1706036 | Security Update for Cisco Unified Computing System 3.2(1d) |
| PATCH-1705997 | Security Update for Cisco Prime Collaboration 11.0(0.815) |
| PATCH-1706042 | Security Update for Cisco Unified Communications Licensing 11.5(1.12001.2) |
| PATCH-1706044 | Security Update for Cisco TelePresence Video Communication Server Software X8.9.2 |
| PATCH-1705867 | Security Update for Cisco Conductor 3.600 |
| PATCH-1705963 | Security Update for Cisco ONS 15454 Series Multiservice Provisioning Platforms 10.6(2) |
| PATCH-1705754 | Security Update for Cisco IPS 4200 Series Sensors 7.3(5)P1 |
| PATCH-1705872 | Security Update for Cisco AS Series Media Processor Software CAL9.7 |
| PATCH-1705874 | Security Update for Cisco TelePresence Administration Software 6.1.13_3 |
| PATCH-1706047 | Security Update for Cisco Unified Attendant Consoles 11.0(2) |
| PATCH-1706016 | Security Update for Cisco Unified Communications Manager (CallManager) CUP.11.5(1.12900.25) |
| PATCH-1705918 | Security Update for Cisco SIP IP Phone Software 11.7(1)MN19 |
| PATCH-1705974 | Security Update for Cisco IP Phone 8800 Series 11.7(1)SC2 |