cbcvebase.
CVE-2015-1793
published 2015-07-09

CVE-2015-1793: The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA…

PriorityP263medium6.5CVSS 3.0
AVNACLPRNUINSUCLILAN
EXPLOIT
EPSS
61.80%
99.1th percentile
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.

Affected

17 ranges
VendorProductVersion rangeFixed in
ciscoproducts
debianopenssl< openssl 1.0.2d-1 (bookworm)openssl 1.0.2d-1 (bookworm)
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl
opensslopenssl>= 0 < 1.0.2d-11.0.2d-1
opensslopenssl>= 0 < 1.0.2d-11.0.2d-1
opensslopenssl>= 0 < 1.0.2d-11.0.2d-1
opensslopenssl>= 0 < 1.0.2d-11.0.2d-1
oraclejd_edwards_enterpriseone_tools
oraclejd_edwards_enterpriseone_tools
oracleopus_10g_ethernet_switch_family<= 2.0.0.6
oraclesupply_chain_products_suite
oraclesupply_chain_products_suite
oraclesupply_chain_products_suite
paloaltocortex_xdr

Detection & IOCsextracted from sources · hover to see the quote

pathcrypto/x509/x509_vfy.c
pathcrypto/x509v3/v3_purp.c
  • Detect exploitation by monitoring for TLS/SSL certificate chains where a leaf certificate (CA:FALSE or no basicConstraints) is presented as an issuer/CA for another certificate in the chain.
  • Flag TLS connections where the presented certificate chain contains a certificate with basicConstraints CA:FALSE acting as an issuer for a subordinate certificate — the exploit specifically sets CA:FALSE on the fake leaf cert used as a CA.
  • Monitor for MITM proxy behavior where a server presents a chain including a re-signed sub-intermediate CA certificate (original cacert re-issued under an attacker-controlled intermediate) alongside a valid leaf cert, consistent with the exploit's chain construction.
  • Check for X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY errors in OpenSSL logs as an indicator that exploitation was attempted but failed due to keyUsage constraints on the leaf certificate.
  • Vulnerable OpenSSL versions to flag in asset inventory or network traffic fingerprinting: 1.0.1n, 1.0.1o, 1.0.2b, 1.0.2c.
  • Use Qualys QID 38104 as a scanner check to identify hosts running vulnerable OpenSSL versions.
  • On FreeBSD, only 10.1-STABLE systems built after 2015-06-11 and before the correction date (2015-07-09) are affected; use svn revision r285330 as a patch-level indicator.
  • ·The X509_V_FLAG_NO_ALT_CHAINS flag can be set by applications to explicitly disable alternative chain building and prevent exploitation; absence of this flag is a prerequisite for vulnerability.
  • ·Exploitation requires the attacker-controlled leaf certificate to either lack the keyUsage extension entirely, or have at least the keyCertSign bit set; defenders should audit issued certificates for unnecessary keyCertSign grants.
  • ·The exploit module requires an active man-in-the-middle network position to function; passive network monitoring alone is insufficient for the attacker.

CVSS provenance

nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:P/A:N
osv6.5MEDIUM
vendor_debian6.5MEDIUM
vendor_redhat6.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.