CVE-2015-1793 in Oracle JD Edwards World Securityinfo

Summary

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.

Reservation

02/17/2015

Disclosure

07/09/2015

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
92893	Oracle JD Edwards World Security GUI/World Vision 7pk security	254	High	Official fix	CVE-2015-1793
90092	Oracle ILOM 7pk security	254	High	Official fix	CVE-2015-1793
82666	Oracle Ethernet Switch ES2-72/Ethernet Switch ES2-64 Firmware 7pk security	254	High	Official fix	CVE-2015-1793
82639	Oracle JD Edwards EnterpriseOne Tools OneWorld Tools Security 7pk security	254	High	Official fix	CVE-2015-1793
80558	Oracle Sun Network 10GE Switch 72p Firmware 7pk security	254	High	Official fix	CVE-2015-1793
80557	Oracle Sun Blade 6000 Ethernet Switched NEM 24P 10GE Firmware 7pk security	254	High	Official fix	CVE-2015-1793
80556	Oracle Switch ES1-24 Firmware 7pk security	254	High	Official fix	CVE-2015-1793
80400	Oracle Enterprise Manager Ops Center 7pk security	254	High	Official fix	CVE-2015-1793
80399	Oracle Enterprise Manager Base Platform 7pk security	254	High	Official fix	CVE-2015-1793
80378	Oracle Tuxedo SSL/TLS 7pk security	254	High	Official fix	CVE-2015-1793
80377	Oracle Endeca Server SSL/TLS 7pk security	254	High	Official fix	CVE-2015-1793
80376	Oracle Business Intelligence Enterprise Edition BI Platform Security 7pk security	254	High	Official fix	CVE-2015-1793
78678	Oracle MySQL Server Encryption 7pk security	254	High	Official fix	CVE-2015-1793
78603	Oracle Agile Engineering Data Management 7pk security	254	High	Official fix	CVE-2015-1793
78584	Oracle Enterprise Manager OSS Support Tools 7pk security	254	High	Official fix	CVE-2015-1793
76354	OpenSSL x509 Basic Constraints x509_vfy.c X509_verify_cert 7pk security	254	High	Official fix	CVE-2015-1793

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!