CVE-2015-3197 in Oracle Enterprise Session Border Controllerinfo

Summary

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.

Reservation

04/10/2015

Disclosure

02/14/2016

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
92878	Oracle Enterprise Session Border Controller OpenSSL cryptographic issue	310	Not defined	Official fix	CVE-2015-3197
90099	Oracle Sun Network 10GE Switch 72p cryptographic issue	310	Not defined	Official fix	CVE-2015-3197
90098	Oracle Sun Blade 6000 Ethernet Switched NEM 24P 10GE cryptographic issue	310	Not defined	Official fix	CVE-2015-3197
90097	Oracle Switch ES1-24 information disclosure	200	Not defined	Official fix	CVE-2015-3197
90096	Oracle 40G 10G 72/64 Ethernet Switch cryptographic issue	310	Not defined	Official fix	CVE-2015-3197
90063	Oracle Primavera P6 Enterprise Project Portfolio Management Project manager cryptographic issue	310	Not defined	Official fix	CVE-2015-3197
90002	Oracle Communications Network Charging/Control DAP/OSD/PI cryptographic issue	310	Not defined	Official fix	CVE-2015-3197
89977	Oracle JD Edwards EnterpriseOne Tools Enterprise Infrastructure SEC cryptographic issue	310	Not defined	Official fix	CVE-2015-3197
89918	Oracle Enterprise Manager Ops Center Networking cryptographic issue	310	Not defined	Official fix	CVE-2015-3197
82681	Oracle VM VirtualBox cryptographic issue	310	Not defined	Official fix	CVE-2015-3197
82627	Oracle PeopleSoft Enterprise PeopleTools Security cryptographic issue	310	Not defined	Official fix	CVE-2015-3197
82610	Oracle OSS Support Tools Explorer Binaries cryptographic issue	310	Not defined	Official fix	CVE-2015-3197
82602	Oracle Tuxedo Open SSL cryptographic issue	310	Not defined	Official fix	CVE-2015-3197
82601	Oracle Exalogic Infrastructure Base Image cryptographic issue	310	Not defined	Official fix	CVE-2015-3197
80718	OpenSSL SSL/TLS Client cryptographic issue	310	Unproven	Official fix	CVE-2015-3197

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Want to know what is going to be exploited?

We predict KEV entries!