CVE-2015-0207
HP Security Bulletin HPSBMU03380 1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.
La función dtls1_listen en d1_lib.c en OpenSSL 1.0.2 anterior a 1.0.2a no aísla correctamente la información de estado de flujos de datos independientes, lo que permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de trafico DTLS manipulado, tal y como fue demostrado por trafico DTLS 1.0 hacia un servidor DTLS 1.2.
Multiple potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), Cross-site Request Forgery (CSRF), execution of arbitrary code, unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-11-18 CVE Reserved
- 2015-03-19 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html | Third Party Advisory |
|
| http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | Third Party Advisory |
|
| http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | Third Party Advisory |
|
| http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/73229 | Third Party Advisory | |
| http://www.securitytracker.com/id/1031929 | Third Party Advisory | |
| https://bto.bluecoat.com/security-advisory/sa92 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1202351 | Issue Tracking | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf |
|
|
| https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=819418110b6fff4a7b96f01a5d68f71df3e3b736 | ||
| https://kc.mcafee.com/corporate/index?page=content&id=SB10110 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=143748090628601&w=2 | 2023-11-07 | |
| http://marc.info/?l=bugtraq&m=144050155601375&w=2 | 2023-11-07 | |
| http://marc.info/?l=bugtraq&m=144050297101809&w=2 | 2023-11-07 | |
| https://security.gentoo.org/glsa/201503-11 | 2023-11-07 | |
| https://www.openssl.org/news/secadv_20150319.txt | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2" | - |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2" | beta1 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2" | beta2 |
Affected
| ||||||
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | 1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2" | beta3 |
Affected
| ||||||