CVE-2015-0288

MEDIUM

Description

The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.

ID	Name	Product	Family	Severity
119963	SUSE SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:0553-1)	Nessus	SuSE Local Security Checks	high
90526	Cisco IOS XE Multiple OpenSSL Vulnerabilities (CSCut46130 / CSCut46126)	Nessus	CISCO	high
90525	Cisco IOS Multiple OpenSSL Vulnerabilities (CSCut46130)	Nessus	CISCO	high
90251	HP System Management Homepage < 7.2.6 Multiple Vulnerabilities (FREAK)	Nessus	Web Servers	high
89651	openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)	Nessus	SuSE Local Security Checks	critical
87672	Puppet Enterprise Multiple OpenSSL Vulnerabilities (FREAK)	Nessus	CGI abuses	high
87525	SUSE SLED11 / SLES11 Security Update : mysql (SUSE-SU-2015:2303-1)	Nessus	SuSE Local Security Checks	high
87442	openSUSE Security Update : mysql (openSUSE-2015-889) (BACKRONYM)	Nessus	SuSE Local Security Checks	high
8801	Mac OS X < 10.10.4 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high
84998	openSUSE Security Update : libressl (openSUSE-2015-507) (Logjam)	Nessus	SuSE Local Security Checks	high
84923	HP System Management Homepage 7.3.x / 7.4.x < 7.5.0 Multiple Vulnerabilities (FREAK)	Nessus	Web Servers	high
84489	Mac OS X Multiple Vulnerabilities (Security Update 2015-005) (GHOST) (Logjam)	Nessus	MacOS X Local Security Checks	critical
84488	Mac OS X 10.10.x < 10.10.4 Multiple Vulnerabilities (GHOST) (Logjam)	Nessus	MacOS X Local Security Checks	high
84400	Blue Coat ProxySG 6.2.x < 6.2.16.4 / 6.5.x < 6.5.7.5 / 6.6.x < 6.6.2.1 Multiple OpenSSL Vulnerabilities	Nessus	Firewalls	high
83992	Splunk Enterprise 5.0.x < 5.0.13 / 6.0.x < 6.0.9 / 6.1.x < 6.1.8 OpenSSL Vulnerabilities (FREAK)	Nessus	CGI abuses	high
83703	SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:0541-1)	Nessus	SuSE Local Security Checks	medium
83527	Apache Tomcat 8.0.x < 8.0.21 Multiple Vulnerabilities (FREAK)	Nessus	Web Servers	medium
83526	Apache Tomcat 7.0.x < 7.0.60 Multiple Vulnerabilities (FREAK)	Nessus	Web Servers	medium
83490	Apache Tomcat 6.0.x < 6.0.44 Multiple Vulnerabilities (FREAK)	Nessus	Web Servers	medium
83238	Fedora 21 : mingw-openssl-1.0.2a-1.fc21 (2015-6855)	Nessus	Fedora Local Security Checks	medium
83216	Fedora 22 : mingw-openssl-1.0.2a-1.fc22 (2015-6951)	Nessus	Fedora Local Security Checks	medium
82922	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openssl (SSA:2015-111-09)	Nessus	Slackware Local Security Checks	medium
82900	AIX OpenSSL Advisory : openssl_advisory13.asc	Nessus	AIX Local Security Checks	high
82783	CentOS 5 : openssl (CESA-2015:0800) (FREAK)	Nessus	CentOS Local Security Checks	high
82760	Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (FREAK)	Nessus	Scientific Linux Local Security Checks	high
82758	RHEL 5 : openssl (RHSA-2015:0800) (FREAK)	Nessus	Red Hat Local Security Checks	high
82757	Oracle Linux 5 : openssl (ELSA-2015-0800) (FREAK)	Nessus	Oracle Linux Local Security Checks	high
82494	RHEL 6 : Storage Server (RHSA-2015:0752)	Nessus	Red Hat Local Security Checks	high
82316	Mandriva Linux Security Advisory : openssl (MDVSA-2015:063)	Nessus	Mandriva Local Security Checks	medium
82315	Mandriva Linux Security Advisory : openssl (MDVSA-2015:062)	Nessus	Mandriva Local Security Checks	high
8662	OpenSSL 0.9.8 < 0.9.8zf / 1.0.0 < 1.0.0r / 1.0.1 < 1.0.1m Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	medium
8661	OpenSSL 1.0.2 < 1.0.2a Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	medium
82266	Scientific Linux Security Update : openssl on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
82265	Scientific Linux Security Update : openssl on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
82162	Debian DLA-177-1 : openssl security update	Nessus	Debian Local Security Checks	high
82077	stunnel < 5.12 OpenSSL Multiple Vulnerabilities	Nessus	Windows	medium
82060	Fedora 22 : openssl-1.0.1k-6.fc22 (2015-4320)	Nessus	Fedora Local Security Checks	high
82059	Fedora 21 : openssl-1.0.1k-6.fc21 (2015-4303)	Nessus	Fedora Local Security Checks	high
82058	Fedora 20 : openssl-1.0.1e-42.fc20 (2015-4300)	Nessus	Fedora Local Security Checks	high
82047	Amazon Linux AMI : openssl (ALAS-2015-498)	Nessus	Amazon Linux Local Security Checks	medium
82033	OpenSSL 1.0.2 < 1.0.2a Multiple Vulnerabilities	Nessus	Web Servers	medium
82032	OpenSSL 1.0.1 < 1.0.1m Multiple Vulnerabilities	Nessus	Web Servers	medium
82031	OpenSSL 1.0.0 < 1.0.0r Multiple Vulnerabilities	Nessus	Web Servers	medium
82030	OpenSSL 0.9.8 < 0.9.8zf Multiple Vulnerabilities	Nessus	Web Servers	medium
82018	RHEL 7 : openssl (RHSA-2015:0716)	Nessus	Red Hat Local Security Checks	high
82017	RHEL 6 : openssl (RHSA-2015:0715)	Nessus	Red Hat Local Security Checks	high
82016	Oracle Linux 7 : openssl (ELSA-2015-0716)	Nessus	Oracle Linux Local Security Checks	high
82015	Oracle Linux 6 : openssl (ELSA-2015-0715)	Nessus	Oracle Linux Local Security Checks	high
82010	GLSA-201503-11 : OpenSSL: Multiple vulnerabilities (FREAK)	Nessus	Gentoo Local Security Checks	high
81998	CentOS 7 : openssl (CESA-2015:0716)	Nessus	CentOS Local Security Checks	high
81997	CentOS 6 : openssl (CESA-2015:0715)	Nessus	CentOS Local Security Checks	high
81996	SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 10481)	Nessus	SuSE Local Security Checks	high
81995	openSUSE Security Update : openssl (openSUSE-2015-247)	Nessus	SuSE Local Security Checks	medium
81971	Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : openssl vulnerabilities (USN-2537-1)	Nessus	Ubuntu Local Security Checks	high
81970	SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 10470)	Nessus	SuSE Local Security Checks	high
81962	FreeBSD : OpenSSL -- multiple vulnerabilities (9d15355b-ce7c-11e4-9db0-d050992ecde8) (FREAK)	Nessus	FreeBSD Local Security Checks	high
81955	Debian DSA-3197-1 : openssl - security update	Nessus	Debian Local Security Checks	high
801937	OpenSSL < 0.9.8zf / 1.0.0r / 1.0.1m / 1.0.2a Multiple Vulnerabilities	Log Correlation Engine	Web Servers	medium

CVE-2015-0288

Description

References

Details

Risk Information

CVSS v2.0