// For flags

CVE-2015-0285

HP Security Bulletin HPSBMU03380 1

Severity Score

5.9
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.

La función ssl3_client_hello en s3_clnt.c en OpenSSL 1.0.2 anterior a 1.0.2a no asegura que el PRNG está sembrado antes de proceder con una negociación, lo que facilita a atacantes remotos superar los mecanismos de protección criptográficos mediante la captura de trafico de la red y posteriormente realizar un ataque de fuerza bruta.

Multiple potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), Cross-site Request Forgery (CSRF), execution of arbitrary code, unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-11-18 CVE Reserved
  • 2015-03-19 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-310: Cryptographic Issues
CAPEC
References (18)
URL Tag Source
http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html Third Party Advisory
http://www.securityfocus.com/bid/73234 Third Party Advisory
http://www.securitytracker.com/id/1031929 Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa92 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1202410 Issue Tracking
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=e1b568dd2462f7cacf98f3d117936c34e2849a6b
https://kc.mcafee.com/corporate/index?page=content&id=SB10110 Third Party Advisory
URL Date SRC
URL Date SRC
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html 2023-11-07
URL Date SRC
http://marc.info/?l=bugtraq&m=143748090628601&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=144050155601375&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=144050297101809&w=2 2023-11-07
https://security.gentoo.org/glsa/201503-11 2023-11-07
https://www.openssl.org/news/secadv_20150319.txt 2023-11-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
beta1
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
beta2
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2
Search vendor "Openssl" for product "Openssl" and version "1.0.2"
beta3
Affected