CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-0205

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.191

EPSS Ranking 95.0%

CVSS Severity

CVSS v2 Score 5.0

References

Products affected by CVE-2015-0205

Openssl » Openssl » Version: 1.0.0a

cpe:2.3:a:openssl:openssl:1.0.0a
Openssl » Openssl » Version: 1.0.0b

cpe:2.3:a:openssl:openssl:1.0.0b
Openssl » Openssl » Version: 1.0.0c

cpe:2.3:a:openssl:openssl:1.0.0c
Openssl » Openssl » Version: 1.0.0d

cpe:2.3:a:openssl:openssl:1.0.0d
Openssl » Openssl » Version: 1.0.0e

cpe:2.3:a:openssl:openssl:1.0.0e
Openssl » Openssl » Version: 1.0.0f

cpe:2.3:a:openssl:openssl:1.0.0f
Openssl » Openssl » Version: 1.0.0g

cpe:2.3:a:openssl:openssl:1.0.0g
Openssl » Openssl » Version: 1.0.0h

cpe:2.3:a:openssl:openssl:1.0.0h
Openssl » Openssl » Version: 1.0.0i

cpe:2.3:a:openssl:openssl:1.0.0i
Openssl » Openssl » Version: 1.0.0j

cpe:2.3:a:openssl:openssl:1.0.0j
Openssl » Openssl » Version: 1.0.0k

cpe:2.3:a:openssl:openssl:1.0.0k
Openssl » Openssl » Version: 1.0.0l

cpe:2.3:a:openssl:openssl:1.0.0l
Openssl » Openssl » Version: 1.0.0m

cpe:2.3:a:openssl:openssl:1.0.0m
Openssl » Openssl » Version: 1.0.0n

cpe:2.3:a:openssl:openssl:1.0.0n
Openssl » Openssl » Version: 1.0.0o

cpe:2.3:a:openssl:openssl:1.0.0o
Openssl » Openssl » Version: 1.0.1a

cpe:2.3:a:openssl:openssl:1.0.1a
Openssl » Openssl » Version: 1.0.1b

cpe:2.3:a:openssl:openssl:1.0.1b
Openssl » Openssl » Version: 1.0.1c

cpe:2.3:a:openssl:openssl:1.0.1c
Openssl » Openssl » Version: 1.0.1d

cpe:2.3:a:openssl:openssl:1.0.1d
Openssl » Openssl » Version: 1.0.1e

cpe:2.3:a:openssl:openssl:1.0.1e
Openssl » Openssl » Version: 1.0.1f

cpe:2.3:a:openssl:openssl:1.0.1f
Openssl » Openssl » Version: 1.0.1g

cpe:2.3:a:openssl:openssl:1.0.1g
Openssl » Openssl » Version: 1.0.1h

cpe:2.3:a:openssl:openssl:1.0.1h
Openssl » Openssl » Version: 1.0.1i

cpe:2.3:a:openssl:openssl:1.0.1i
Openssl » Openssl » Version: 1.0.1j

cpe:2.3:a:openssl:openssl:1.0.1j

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-0205

Products

Pricing

Contact Us