OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.

CVSS Base Score: 5

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103778 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

IBM MessageSight 1.2

Remediation/Fixes

Product

|
VRMF|
APAR|
Remediation/First Fix
—|—|—|—

IBM MessageSight

1.2

IT12294

1.2.0.3-IBM-IMA-IFIT12295

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm messagesighteq1.2

CPE	Name	Operator	Version
	ibm messagesight	eq	1.2

checkpoint_advisories 1

ibm 78

prion 1

nvd 1

ubuntucve 1

veracode 1

f5 2

openvas 28

cvelist 1

hackerone 1

nessus 36

openssl 1

debiancve 1

cve 1

altlinux 4

suse 12

slackware 1

archlinux 1

mageia 1

cisco 1

securityvulns 5

ubuntu 1

osv 1

debian 1

fortinet 1

aix 1

gentoo 1

paloalto 2

arista 1

freebsd 1

freebsd_advisory 1

symantec 1

ics 1

oracle 7

checkpoint_advisories

OpenSSL Elliptic Curve Binary Polynomial Field Resource Exhaustion (CVE-2015-1788)

2015-08-17 00:00:00

ibm

Security Bulletin: A vulnerability in GSKit affects IBM DataPower Gateways (CVE-2015-1788)

2021-06-08 22:18:27

Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-1788)

2018-06-15 07:05:16

Security Bulletin: Vulnerabilities in OpenSSL affect IBM API Management (CVE-2015-1788)

2018-06-15 07:03:32

prion

Authentication flaw

2015-06-12 19:59:00

nvd

CVE-2015-1788

2015-06-12 19:59:01

ubuntucve

CVE-2015-1788

2015-06-11 00:00:00

veracode

Denial Of Service (DoS) Through An Infinite Loop

2017-02-10 05:44:00

SOL16938 - OpenSSL vulnerability CVE-2015-1788

2015-07-08 00:00:00

K16938 : OpenSSL vulnerability CVE-2015-1788

2015-11-10 00:00:00

openvas

OpenSSL Denial of Service Vulnerability (20150611 - 1) - Windows

2015-12-01 00:00:00

OpenSSL Denial of Service Vulnerability (20150611 - 1) - Linux

2015-12-01 00:00:00

SUSE: Security Advisory (SUSE-SU-2015:1181-2)

2021-06-09 00:00:00

cvelist

CVE-2015-1788

2015-06-12 00:00:00

hackerone

Internet Bug Bounty: Malformed ECParameters causes infinite loop

2015-06-11 00:00:00

nessus

IBM HTTP Server 8.0.0.0 <= 8.0.0.11 / 8.5.0.0 <= 8.5.5.6 (533837)

2021-01-06 00:00:00

Nessus 5.x < 5.2.12 / 6.x < 6.4 Multiple OpenSSL Vulnerabilities

2015-11-19 00:00:00

OpenSSL 1.0.0 < 1.0.0e Multiple Vulnerabilities

2011-09-12 00:00:00

openssl

Vulnerability in OpenSSL CVE-2015-1788

2015-06-11 00:00:00

debiancve

CVE-2015-1788

2015-06-12 19:59:01

cve

CVE-2015-1788

2015-06-12 19:59:01

altlinux

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1q-alt1

2015-12-17 00:00:00

Security fix for the ALT Linux 7 package openssl10 version 1.0.1q-alt1

2015-12-17 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 1.0.1q-alt1

2015-12-17 00:00:00

suse

Security update for OpenSSL (important)

2015-07-03 14:05:21

Security update for OpenSSL (important)

2015-07-03 20:06:29

Security update for OpenSSL (important)

2015-07-03 20:07:31

slackware

[slackware-security] openssl

2015-06-11 23:01:09

archlinux

openssl: multiple issues

2015-06-12 00:00:00

mageia

Updated openssl package fixes security vulnerabilities

2015-06-19 16:33:05

cisco

Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products

2015-06-12 16:00:00

securityvulns

[USN-2639-1] OpenSSL vulnerabilities

2015-06-13 00:00:00

OpenSSL multiple security vulnerabilities

2015-06-13 00:00:00

[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities

2015-09-14 00:00:00

ubuntu

OpenSSL vulnerabilities

2015-06-11 00:00:00

osv

openssl - security update

2015-06-13 00:00:00

debian

[SECURITY] [DSA 3287-1] openssl security update

2015-06-13 14:32:55

fortinet

OpenSSL vulnerabilities - June 2015

2015-06-11 00:00:00

aix

Multiple Security vulnerabilities in AIX OpenSSL

2015-07-15 00:20:05

gentoo

OpenSSL: Multiple vulnerabilities

2015-06-22 00:00:00

paloalto

OpenSSL Vulnerabilities

2016-10-18 00:00:00

OpenSSL Vulnerabilities

2016-08-15 00:00:00

arista

Security Advisory 0011

2015-06-17 00:00:00

freebsd

openssl -- multiple vulnerabilities

2015-06-11 00:00:00

freebsd_advisory

FreeBSD-SA-15:10.openssl

2015-06-12 00:00:00

symantec

SA98 : OpenSSL Security Advisory 11-June-2015

2015-06-17 08:00:00

ics

Siemens SCALANCE X-200RNA Switch Devices

2022-12-19 12:00:00

oracle

Oracle Critical Patch Update Advisory - October 2015

2015-10-20 00:00:00

Oracle Critical Patch Update - July 2016

2016-07-19 00:00:00

Oracle Critical Patch Update - October 2016

2016-10-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.567 Medium

EPSS

Percentile

97.7%

JSON

Related for 8A87036F5C290A7EB193FCCEE8F258BACCA1FC57CC5D8A56759A27F177621DF5