Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD3CC8BC4BEC831C480B3C4D48F5155CEEBCE658FB0583063BC38E5837444FBC8
HistoryAug 09, 2018 - 4:20 a.m.

Security Bulletin: Vulnerability in OpenSSL affects IBM® SDK for Node.js™ (CVE-2015-1793)

2018-08-0904:20:36
www.ibm.com
15

0.105 Low

EPSS

Percentile

95.0%

JSON

Summary

OpenSSL alternate chains certificate forgery vulnerability (CVE-2015-1793) disclosed by the OpenSSL Project on July 9 2015. IBM SDK for Node.js has addressed this CVE.

Vulnerability Details

CVEID: CVE-2015-1793**
DESCRIPTION:** OpenSSL could allow a remote attacker to bypass security restrictions, caused by an implementation error of the alternative certificate chain logic. An attacker could exploit this vulnerability to bypass the CA flag and other specific checks on untrusted certificates and issue an invalid certificate.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/104500&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

This vulnerability affects IBM SDK for Node.js v1.2.0.3 and v1.2.0.4.
This vulnerability affects IBM SDK for Node.js v1.1.0.15.

Remediation/Fixes

The fix for this vulnerability is included in IBM SDK for Node.js v1.2.0.5 and subsequent releases.
The fix for this vulnerability is included in IBM SDK for Node.js v1.1.0.16 and subsequent releases.

Note: A fix for CVE-2014-8176 was provided in OpenSSL versions 0.9.8za, 1.0.0m, and 1.0.1h. The original bulletin for this OpenSSL release is here.

IBM SDK for Node.js can be downloaded, subject to the terms of the developerWorks license, from here.

IBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin.

Related

openvas 36
veracode 4
f5 4
ubuntucve 2
openssl 2
debiancve 2
nessus 44
mageia 1
altlinux 5
huawei 1
packetstorm 3
ibm 41
zdt 2
nvd 3
fortinet 2
prion 2
cvelist 2
cve 3
securityvulns 3
gentoo 2
checkpoint_advisories 1
freebsd_advisory 2
thn 1
archlinux 2
slackware 1
cisco 2
amazon 2
freebsd 2
ubuntu 1
debian 2
centos 1
redhat 2
osv 2
aix 1
suse 3
paloalto 2
arista 1
oraclelinux 3
fedora 2
symantec 1
ics 1
openvas
openvas
OpenSSL Denial of Service Vulnerability (20150611 - 3) - Linux
2021-07-29 00:00:00
OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
2016-05-10 00:00:00
OpenSSL Denial of Service Vulnerability (20150611 - 3) - Windows
2021-07-29 00:00:00
veracode
veracode
Denial Of Service (DoS) Through Memory Consumption And Application Crash
2017-02-06 05:19:25
Denial Of Service (DoS) Through Memory Consumption And Application Crash
2019-01-15 09:06:14
Chain Certificate Forgery
2017-02-10 04:54:13
f5
f5
K16920 : OpenSSL vulnerability CVE-2014-8176
2015-07-07 00:00:00
SOL16920 - OpenSSL vulnerability CVE-2014-8176
2015-07-07 00:00:00
SOL16937 - OpenSSL vulnerability CVE-2015-1793
2015-07-08 00:00:00
ubuntucve
ubuntucve
CVE-2014-8176
2015-06-11 00:00:00
CVE-2015-1793
2015-07-09 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2014-8176
2015-06-11 00:00:00
Vulnerability in OpenSSL CVE-2015-1793
2015-07-09 00:00:00
debiancve
debiancve
CVE-2014-8176
2015-06-12 19:59:00
CVE-2015-1793
2015-07-09 19:17:00
nessus
nessus
Cisco Prime Security Manager OpenSSL Alternative Chains Certificate Forgery (cisco-sa-20150710-openssl)
2015-09-23 00:00:00
FreeBSD : openssl -- alternate chains certificate forgery vulnerability (075952fe-267e-11e5-9d03-3c970e169bc2)
2015-07-13 00:00:00
Fedora 21 : openssl-1.0.1k-11.fc21 (2015-11414)
2015-07-14 00:00:00
mageia
mageia
Updated openssl package fixes security vulnerability
2015-07-10 11:12:35
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 1.0.1k-alt4
2015-07-09 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.1k-alt4
2015-07-09 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1k-alt4
2015-07-09 00:00:00
huawei
huawei
Security Advisory - MITM Vulnerability in the OpenSSL Module of Huawei eSight Network
2015-09-19 00:00:00
packetstorm
packetstorm
OpenSSL Alternative Chains Certificate Forgery
2015-11-06 00:00:00
OpenSSL Alternative Chains Certificate Forgery MITM Proxy
2015-07-27 00:00:00
Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle
2017-07-14 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect Rational Automaiton Framework (CVE-2015-1793)
2018-06-17 05:05:14
Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Master Data Management ( CVE-2015-1793)
2022-04-27 09:58:00
Security Bulletin: Vulnerability in OpenSSL affects Rational Tau (CVE-2015-1793)
2018-06-17 05:04:34
zdt
zdt
OpenSSL Alternative Chains Certificate Forgery Vulnerability
2015-11-05 00:00:00
OpenSSL 1.0.2c Alternative chains certificate forgery Vulnerability
2015-07-11 00:00:00
nvd
nvd
CVE-2015-1793
2015-07-09 19:17:00
CVE-2014-8176
2015-06-12 19:59:00
CVE-2015-8176
2015-07-13 16:59:00
fortinet
fortinet
CVE-2015-1793 OpenSSL "Alternative Chains Certificate Forgery"
2015-07-09 00:00:00
OpenSSL vulnerabilities - June 2015
2015-06-11 00:00:00
prion
prion
Memory corruption
2015-06-12 19:59:00
Code injection
2015-07-09 19:17:00
cvelist
cvelist
CVE-2014-8176
2015-06-12 00:00:00
CVE-2015-1793
2015-07-09 19:00:00
cve
cve
CVE-2014-8176
2015-06-12 19:59:00
CVE-2015-1793
2015-07-09 19:17:00
CVE-2015-8176
2022-10-03 16:16:00
securityvulns
securityvulns
OpenSSL restrictions bypass
2015-07-09 00:00:00
[USN-2639-1] OpenSSL vulnerabilities
2015-06-13 00:00:00
OpenSSL multiple security vulnerabilities
2015-06-13 00:00:00
gentoo
gentoo
OpenSSL: Alternate chains certificate forgery
2015-07-10 00:00:00
OpenSSL: Multiple vulnerabilities
2015-06-22 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793)
2015-07-19 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:12.openssl
2015-07-09 00:00:00
FreeBSD-SA-15:10.openssl
2015-06-12 00:00:00
thn
thn
Critical OpenSSL Flaw Allows Hackers to Impersonate Any Trusted SSL Certificate
2015-07-09 07:05:00
archlinux
archlinux
openssl: man-in-the-middle
2015-07-09 00:00:00
lib32-openssl: man-in-the-middle
2015-07-13 00:00:00
slackware
slackware
[slackware-security] openssl
2015-07-09 19:17:02
cisco
cisco
OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
2015-07-10 16:00:00
Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
2015-06-12 16:00:00
amazon
amazon
Critical: openssl
2015-07-09 06:15:00
Medium: openssl
2015-06-16 11:29:00
freebsd
freebsd
openssl -- alternate chains certificate forgery vulnerability
2015-07-09 00:00:00
openssl -- multiple vulnerabilities
2015-06-11 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2015-06-11 00:00:00
debian
debian
[SECURITY] [DLA 247-1] openssl security update
2015-06-17 21:46:50
[SECURITY] [DSA 3287-1] openssl security update
2015-06-13 14:32:55
centos
centos
openssl security update
2015-06-15 20:01:35
redhat
redhat
(RHSA-2015:1115) Moderate: openssl security update
2015-06-15 00:00:00
(RHSA-2016:2957) Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release
2016-12-15 22:02:12
osv
osv
openssl - security update
2015-06-17 00:00:00
openssl - security update
2015-06-13 00:00:00
aix
aix
Multiple Security vulnerabilities in AIX OpenSSL
2015-07-15 00:20:05
suse
suse
Security update for OpenSSL (important)
2015-07-03 16:06:39
Security update for libressl (important)
2015-07-22 15:08:14
Security update to MySQL 5.6.27 (important)
2015-12-10 12:12:21
paloalto
paloalto
OpenSSL Vulnerabilities
2016-10-18 00:00:00
OpenSSL Vulnerabilities
2016-08-15 00:00:00
arista
arista
Security Advisory 0011
2015-06-17 00:00:00
oraclelinux
oraclelinux
openssl security update
2015-06-15 00:00:00
openssl security update
2015-12-14 00:00:00
openssl security update
2021-04-01 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: openssl-1.0.1k-11.fc22
2015-07-13 19:18:15
[SECURITY] Fedora 21 Update: openssl-1.0.1k-11.fc21
2015-07-13 19:12:30
symantec
symantec
SA98 : OpenSSL Security Advisory 11-June-2015
2015-06-17 08:00:00
ics
ics
Siemens SCALANCE X-200RNA Switch Devices
2022-12-19 12:00:00

0.105 Low

EPSS

Percentile

95.0%

JSON
Related for D3CC8BC4BEC831C480B3C4D48F5155CEEBCE658FB0583063BC38E5837444FBC8
openvas36veracode4f54ubuntucve2openssl2debiancve2nessus44mageia1altlinux5huawei1packetstorm3ibm41zdt2nvd3fortinet2prion2cvelist2cve3securityvulns3gentoo2checkpoint_advisories1freebsd_advisory2thn1archlinux2slackware1cisco2amazon2freebsd2ubuntu1debian2centos1redhat2osv2aix1suse3paloalto2arista1oraclelinux3fedora2symantec1ics1