Medium severity 6.5 · NVD Advisory · Published Jul 9, 2015 · Updated May 6, 2026
CVE-2015-1793
Description
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
Affected products (10)
- cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:opus_10g_ethernet_switch_family:*:*:*:*:*:*:*:* (Range: <=2.0.0.6)
- cpe:2.3:a:oracle:supply_chain_products_suite:6.1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:supply_chain_products_suite:6.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:supply_chain_products_suite:6.2.0:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References (30)
- www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html (nvd, Patch)
- www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html (nvd, Patch)
- www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html (nvd, Patch)
- openssl.org/news/secadv_20150709.txt (nvd, Vendor Advisory)
- fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery (nvd)
- ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc (nvd)
- kb.juniper.net/InfoCenter/index (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html (nvd)
- marc.info (nvd)
- marc.info (nvd)
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl (nvd)
- www.fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery (nvd)
- www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html (nvd)
- www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html (nvd)
- www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html (nvd)
- www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (nvd)
- www.securityfocus.com/bid/75652 (nvd)
- www.securityfocus.com/bid/91787 (nvd)
- www.securitytracker.com/id/1032817 (nvd)
- www.slackware.com/security/viewer.php (nvd)
- www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454058.htm (nvd)
- h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay (nvd)
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay (nvd)
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay (nvd)
- help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes (nvd)
- kc.mcafee.com/corporate/index (nvd)
- security.gentoo.org/glsa/201507-15 (nvd)
- www.exploit-db.com/exploits/38640/ (nvd)
- www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc (nvd)