CVE-2015-3197

OpenSSL: SSLv2 doesn't block disabled ciphers

Severity Score

5.9

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.

ssl/s2_srvr.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1r y 1.0.2 en versiones anteriores a 1.0.2f no impide el uso de cifrados deshabilitados, lo que hace que sea más fácil para atacantes man-in-the-middle vencer los mecanismos de protección criptográfica llevando a cabo cálculos sobre tráfico SSLv2, relacionado con las funciones get_client_master_key y get_client_hello.

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks.

Historically OpenSSL usually only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same private DH exponent. For example this could be used to discover a TLS server's private DH exponent if it's reusing the private DH exponent or it's using a static DH ciphersuite. Other issues were also addressed.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-04-10 CVE Reserved
2016-01-28 CVE Published
2023-11-07 First Exploit
2024-08-06 CVE Updated
2025-05-04 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-310: Cryptographic Issues

CAPEC

References (39)

URL	Tag	Source
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/82237	Vdb Entry
http://www.securityfocus.com/bid/91787	Vdb Entry
http://www.securitytracker.com/id/1034849	Vdb Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d81a1600588b726c2bdccda7efad3cc7a87d6245
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893
https://www.kb.cert.org/vuls/id/257823	Third Party Advisory

URL	Date	SRC
https://github.com/Trinadh465/OpenSSL-1_0_1g_CVE-2015-3197	2023-11-07

URL	Date	SRC
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	2023-11-07

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	2023-11-07
http://www.openssl.org/news/secadv/20160128.txt	2023-11-07
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:11.openssl.asc	2023-11-07
https://security.gentoo.org/glsa/201601-05	2023-11-07
https://access.redhat.com/security/cve/CVE-2015-3197	2016-03-22
https://bugzilla.redhat.com/show_bug.cgi?id=1301846	2016-03-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Tuxedo Search vendor "Oracle" for product "Tuxedo"				12.1.1.0 Search vendor "Oracle" for product "Tuxedo" and version "12.1.1.0"		-		Affected
Oracle Search vendor "Oracle"		Exalogic Infrastructure Search vendor "Oracle" for product "Exalogic Infrastructure"				1.0 Search vendor "Oracle" for product "Exalogic Infrastructure" and version "1.0"		-		Affected
Oracle Search vendor "Oracle"		Exalogic Infrastructure Search vendor "Oracle" for product "Exalogic Infrastructure"				2.0 Search vendor "Oracle" for product "Exalogic Infrastructure" and version "2.0"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.53 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.53"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.54 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.54"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.55 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.55"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta2		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1 Search vendor "Openssl" for product "Openssl" and version "1.0.1"		beta3		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1a Search vendor "Openssl" for product "Openssl" and version "1.0.1a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1b Search vendor "Openssl" for product "Openssl" and version "1.0.1b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1c Search vendor "Openssl" for product "Openssl" and version "1.0.1c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1d Search vendor "Openssl" for product "Openssl" and version "1.0.1d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1e Search vendor "Openssl" for product "Openssl" and version "1.0.1e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1f Search vendor "Openssl" for product "Openssl" and version "1.0.1f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1g Search vendor "Openssl" for product "Openssl" and version "1.0.1g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1h Search vendor "Openssl" for product "Openssl" and version "1.0.1h"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1i Search vendor "Openssl" for product "Openssl" and version "1.0.1i"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1j Search vendor "Openssl" for product "Openssl" and version "1.0.1j"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1k Search vendor "Openssl" for product "Openssl" and version "1.0.1k"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1l Search vendor "Openssl" for product "Openssl" and version "1.0.1l"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1m Search vendor "Openssl" for product "Openssl" and version "1.0.1m"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1n Search vendor "Openssl" for product "Openssl" and version "1.0.1n"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1o Search vendor "Openssl" for product "Openssl" and version "1.0.1o"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1p Search vendor "Openssl" for product "Openssl" and version "1.0.1p"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.1q Search vendor "Openssl" for product "Openssl" and version "1.0.1q"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2"		beta2		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2 Search vendor "Openssl" for product "Openssl" and version "1.0.2"		beta3		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2a Search vendor "Openssl" for product "Openssl" and version "1.0.2a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2b Search vendor "Openssl" for product "Openssl" and version "1.0.2b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2c Search vendor "Openssl" for product "Openssl" and version "1.0.2c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2d Search vendor "Openssl" for product "Openssl" and version "1.0.2d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				1.0.2e Search vendor "Openssl" for product "Openssl" and version "1.0.2e"		-		Affected
Oracle Search vendor "Oracle"		Oss Support Tools Search vendor "Oracle" for product "Oss Support Tools"				8.11.16.3.8 Search vendor "Oracle" for product "Oss Support Tools" and version "8.11.16.3.8"		-		Affected
Oracle Search vendor "Oracle"		Vm Virtualbox Search vendor "Oracle" for product "Vm Virtualbox"				5.0.16 Search vendor "Oracle" for product "Vm Virtualbox" and version "5.0.16"		-		Affected