CVE-2015-1793

Severity CVSS v4.0: Pending analysis
Type: CWE-254 Security Features
Publication date: 09/07/2015
Last modified: 12/04/2025

Description

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.

Vulnerable products and versions

| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:oracle:supply_chain_products_suite:6.1.2.2:*:*:*:*:*:*:* | | |
| cpe:2.3:a:oracle:supply_chain_products_suite:6.1.3.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:oracle:supply_chain_products_suite:6.2.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* | | |
| cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:* | | |
| cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:* | | |
| cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:* | | |
| cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:* | | |
| cpe:2.3:o:oracle:opus_10g_ethernet_switch_family:*:*:*:*:*:*:*:* | | 2.0.0.6 (including) |


References to Advisories, Solutions, and Tools