Description

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.

Remediation

References

CVE-2015-1793

Related Vulnerabilities

WordPress Plugin Subscriptions & Memberships for PayPal Cross-Site Scripting (1.1.2)

WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional Cross-Site Scripting (1.3.7.4)

PHP Numeric Errors Vulnerability (CVE-2011-4566)

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6316)

WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.9.51)

Severity

Medium

Classification

CVE-2015-1793 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities