Severity: Critical
  CVE identifiers: CVE-2015-1793
  Notification date: 09 July 2015

  Description

A certificate forgery security bypass vulnerability has been reported in OpenSSL. It is caused by incorrectly implemented certificate verification. An attacker could use a crafted certificate to bypass certain checks, and successful exploitation could allow a remote attacker to bypass intended access restrictions.

  Exposure information:

Vulnerability Protection in Trend Micro Deep Security protects user systems from threats that may leverage this vulnerability with the following DPI rules:

  • 1006855 – OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
  • 1006856 – OpenSSL Client Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)

  Solutions

  Affected software and versions:

  • OpenSSL 1.0.2c
  • OpenSSL 1.0.2b
  • OpenSSL 1.0.1n
  • OpenSSL 1.0.1o