Description

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.

Remediation

References

CVE-2015-3197

Related Vulnerabilities

WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-29577)

WordPress Improper Restriction of XML External Entity Reference Vulnerability (CVE-2021-29447)

WordPress Plugin TemplatesNext ToolKit Cross-Site Scripting (3.2.7)

Apache Tomcat Improper Handling of Exceptional Conditions Vulnerability (CVE-2021-30639)

PostgreSQL Cryptographic Issues Vulnerability (CVE-2011-2483)

Severity

Medium

Classification

CVE-2015-3197 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities