CVE-2015-0206

MEDIUM

Description

Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.

ID	Name	Product	Family	Severity
90251	HP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK)	Nessus	Web Servers	high
85803	HP Version Control Repository Manager for Linux < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)	Nessus	Misc.	high
85802	HP Version Control Repository Manager < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)	Nessus	Windows	high
84998	openSUSE Security Update : libressl (openSUSE-2015-507) (Logjam)	Nessus	SuSE Local Security Checks	high
84923	HP System Management Homepage 7.3.x / 7.4.x < 7.5.0 Multiple Vulnerabilities (FREAK)	Nessus	Web Servers	high
83860	SUSE SLED11 / SLES11 Security Update : MySQL (SUSE-SU-2015:0946-1) (FREAK)	Nessus	SuSE Local Security Checks	medium
83528	Cisco NX-OS OpenSSL Multiple Vulnerabilities (cisco-sa-20150310-ssl) (FREAK)	Nessus	CISCO	medium
83527	Apache Tomcat 8.0.x < 8.0.21 Multiple Vulnerabilities (FREAK)	Nessus	Web Servers	medium
83526	Apache Tomcat 7.0.x < 7.0.60 Multiple Vulnerabilities (FREAK)	Nessus	Web Servers	medium
83490	Apache Tomcat 6.0.x < 6.0.44 Multiple Vulnerabilities (FREAK)	Nessus	Web Servers	high
82315	Mandriva Linux Security Advisory : openssl (MDVSA-2015:062)	Nessus	Mandriva Local Security Checks	high
82271	Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1(7021) <= 4.0(48) Multiple Vulnerabilities (FREAK)	Nessus	MacOS X Local Security Checks	medium
82270	Cisco AnyConnect Secure Mobility Client < 3.1(7021) / <= 4.0(48) Multiple Vulnerabilities (FREAK)	Nessus	Windows	medium
81815	McAfee Firewall Enterprise OpenSSL Multiple Vulnerabilities (SB10102) (FREAK)	Nessus	Firewalls	medium
81406	AIX OpenSSL Advisory : openssl_advisory12.asc (FREAK)	Nessus	AIX Local Security Checks	medium
80991	openSUSE Security Update : openssl (openSUSE-SU-2015:0130-1) (FREAK)	Nessus	SuSE Local Security Checks	medium
80929	OracleVM 3.3 : openssl (OVMSA-2015-0005) (FREAK)	Nessus	OracleVM Local Security Checks	medium
80925	FreeBSD : LibreSSL -- DTLS vulnerability (f9c388c5-a256-11e4-992a-7b2a515a1247)	Nessus	FreeBSD Local Security Checks	medium
80905	Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20150121) (FREAK)	Nessus	Scientific Linux Local Security Checks	medium
80879	RHEL 6 / 7 : openssl (RHSA-2015:0066) (FREAK)	Nessus	Red Hat Local Security Checks	medium
80877	Oracle Linux 6 / 7 : openssl (ELSA-2015-0066) (FREAK)	Nessus	Oracle Linux Local Security Checks	medium
80874	Fedora 20 : openssl-1.0.1e-41.fc20 (2015-0601)	Nessus	Fedora Local Security Checks	medium
80867	CentOS 6 / 7 : openssl (CESA-2015:0066)	Nessus	CentOS Local Security Checks	medium
80568	OpenSSL 1.0.1 < 1.0.1k Multiple Vulnerabilities (FREAK)	Nessus	Web Servers	medium
80567	OpenSSL 1.0.0 < 1.0.0p Multiple Vulnerabilities (FREAK)	Nessus	Web Servers	medium
80471	Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : openssl vulnerabilities (USN-2459-1) (FREAK)	Nessus	Ubuntu Local Security Checks	medium
80464	Fedora 21 : openssl-1.0.1k-1.fc21 (2015-0512)	Nessus	Fedora Local Security Checks	medium
80461	Amazon Linux AMI : openssl (ALAS-2015-469) (FREAK)	Nessus	Amazon Linux Local Security Checks	medium
80456	Mandriva Linux Security Advisory : openssl (MDVSA-2015:019)	Nessus	Mandriva Local Security Checks	medium
80446	Debian DSA-3125-1 : openssl - security update (FREAK)	Nessus	Debian Local Security Checks	medium
80443	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-009-01) (FREAK)	Nessus	Slackware Local Security Checks	medium
80424	FreeBSD : OpenSSL -- multiple vulnerabilities (4e536c14-9791-11e4-977d-d050992ecde8) (FREAK)	Nessus	FreeBSD Local Security Checks	medium
8617	OpenSSL < 1.0.1k / < 1.0.0p / < 0.9.8zd Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	medium

CVE-2015-0206

Description

References

Details

Risk Information

CVSS v2.0