// For flags

CVE-2015-1793

OpenSSL - Alternative Chains Certificate Forgery

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.

La función de verificación de certificado X509 en crypto/x509/x509_vfy.c en OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, y 1.0.2c no procesa correctamente los valores cA de restricción básica del X.509 durante la identificación de cadenas de certificado alternativo, lo que permite a atacantes remotos suplantar una función de autoridad de certificación y propiciar verificaciones de certificado involuntarias a través de un leaf certificate válido.

During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication. This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-02-17 CVE Reserved
  • 2015-07-09 CVE Published
  • 2015-07-27 First Exploit
  • 2024-08-06 CVE Updated
  • 2025-04-10 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-254: 7PK - Security Features
  • CWE-754: Improper Check for Unusual or Exceptional Conditions
CAPEC
References (34)
URL Tag Source
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery X_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694 X_refsource_confirm
http://www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html X_refsource_confirm
http://www.securityfocus.com/bid/75652 Vdb Entry
http://www.securityfocus.com/bid/91787 Vdb Entry
http://www.securitytracker.com/id/1032817 Vdb Entry
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm X_refsource_confirm
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=9a0db453ba017ebcaccbee933ee6511a9ae4d1c8 X_refsource_confirm
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825 X_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763 X_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351 X_refsource_confirm
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes X_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10125 X_refsource_confirm
http://git.openssl.org/?p=openssl.git;a=commit;h=f404943bcab4898d18f3ac1b36479d1d7bbbb9e6
URL Date SRC
https://packetstorm.news/files/id/134250 2015-11-06
https://packetstorm.news/files/id/132843 2015-07-27
https://www.exploit-db.com/exploits/38640 2024-08-06
URL Date SRC
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html 2023-11-07
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html 2023-11-07
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html 2023-11-07
URL Date SRC
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html 2023-11-07
http://marc.info/?l=bugtraq&m=143880121627664&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=144370846326989&w=2 2023-11-07
http://openssl.org/news/secadv_20150709.txt 2023-11-07
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl 2023-11-07
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.561427 2023-11-07
https://security.gentoo.org/glsa/201507-15 2023-11-07
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc 2023-11-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Oracle
Search vendor "Oracle"
 Supply Chain Products Suite
Search vendor "Oracle" for product "Supply Chain Products Suite"
 6.1.2.2
Search vendor "Oracle" for product "Supply Chain Products Suite" and version "6.1.2.2"
-
Affected
Oracle
Search vendor "Oracle"
 Supply Chain Products Suite
Search vendor "Oracle" for product "Supply Chain Products Suite"
 6.1.3.0
Search vendor "Oracle" for product "Supply Chain Products Suite" and version "6.1.3.0"
-
Affected
Oracle
Search vendor "Oracle"
 Supply Chain Products Suite
Search vendor "Oracle" for product "Supply Chain Products Suite"
 6.2.0
Search vendor "Oracle" for product "Supply Chain Products Suite" and version "6.2.0"
-
Affected
Oracle
Search vendor "Oracle"
 Jd Edwards Enterpriseone Tools
Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools"
 9.1
Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools" and version "9.1"
-
Affected
Oracle
Search vendor "Oracle"
 Jd Edwards Enterpriseone Tools
Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools"
 9.2
Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools" and version "9.2"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1n
Search vendor "Openssl" for product "Openssl" and version "1.0.1n"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.1o
Search vendor "Openssl" for product "Openssl" and version "1.0.1o"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2b
Search vendor "Openssl" for product "Openssl" and version "1.0.2b"
-
Affected
Openssl
Search vendor "Openssl"
 Openssl
Search vendor "Openssl" for product "Openssl"
 1.0.2c
Search vendor "Openssl" for product "Openssl" and version "1.0.2c"
-
Affected
Oracle
Search vendor "Oracle"
 Opus 10g Ethernet Switch Family
Search vendor "Oracle" for product "Opus 10g Ethernet Switch Family"
 <= 2.0.0.6
Search vendor "Oracle" for product "Opus 10g Ethernet Switch Family" and version " <= 2.0.0.6"
-
Affected