OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
August 11, 2015
Severity: Critical
CVE Identifier: CVE-2015-1793
Advisory Date: July 9, 2015
Description
A certificate forgery security bypass has been reported in OpenSSL. This is due to incorrectly implemented certificate verification in OpenSSL. An attacker could use a crafted certificate to bypass certain checks. Successful exploitation could allow a remote attacker to bypass intended access restrictions.
Protection Information
Vulnerability Protection in Trend Micro Deep Security protects user systems from threats that may leverage this vulnerability with the following DPI rules:
- 1006855 – OpenSSL Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
- 1006856 – OpenSSL Client Alternative Chains Certificate Forgery Security Bypass Vulnerability (CVE-2015-1793)
Solution
Affected Software and Versions:
- OpenSSL 1.0.2c
- OpenSSL 1.0.2b
- OpenSSL 1.0.1n
- OpenSSL 1.0.1o