JVN/CVE Demo: Nvdinfos

NVD

Id: 24031
Name: CVE-2015-1791
Description: Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
Reject
CVSS Version: 2
CVSS Score: 6.8
Severity: Medium
CVSS Base Score: 6.8
CVSS Impact Subscore: 6.4
CVSS Exploit Subscore: 8.6
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Pub Date: 2017-01-19
Published: 2015-06-12
Modified Date: 2016-12-30
Seq: 2015-1791

Actions

Related NVD References

Id	NVD Id	NVD No.	Reference	Actions
127371	24031	CVE-2015-1791	http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015	View
127372	24031	CVE-2015-1791	NetBSD-SA2015-008	View
127373	24031	CVE-2015-1791	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694	View
127374	24031	CVE-2015-1791	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733	View
127375	24031	CVE-2015-1791	APPLE-SA-2015-08-13-2	View
127376	24031	CVE-2015-1791	FEDORA-2015-10047	View
127377	24031	CVE-2015-1791	FEDORA-2015-10108	View
127378	24031	CVE-2015-1791	openSUSE-SU-2015:1139	View
127379	24031	CVE-2015-1791	SUSE-SU-2015:1143	View
127380	24031	CVE-2015-1791	SUSE-SU-2015:1150	View
127381	24031	CVE-2015-1791	SUSE-SU-2015:1182	View
127382	24031	CVE-2015-1791	SUSE-SU-2015:1184	View
127383	24031	CVE-2015-1791	SUSE-SU-2015:1185	View
127384	24031	CVE-2015-1791	openSUSE-SU-2016:0640	View
127385	24031	CVE-2015-1791	SSRT102180	View
127386	24031	CVE-2015-1791	HPSBMU03409	View
127387	24031	CVE-2015-1791	RHSA-2015:1115	View
127388	24031	CVE-2015-1791	20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products	View
127389	24031	CVE-2015-1791	http://www-304.ibm.com/support/docview.wss?uid=swg21960041	View
127390	24031	CVE-2015-1791	DSA-3287	View
127391	24031	CVE-2015-1791	http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015	View
127392	24031	CVE-2015-1791	http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015	View
127393	24031	CVE-2015-1791	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	View
127394	24031	CVE-2015-1791	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	View
127395	24031	CVE-2015-1791	http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html	View
127396	24031	CVE-2015-1791	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	View
127397	24031	CVE-2015-1791	http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html	View
127398	24031	CVE-2015-1791	75161	View
127399	24031	CVE-2015-1791	91787	View
127400	24031	CVE-2015-1791	1032479	View
127401	24031	CVE-2015-1791	USN-2639-1	View
127402	24031	CVE-2015-1791	https://bto.bluecoat.com/security-advisory/sa98	View
127403	24031	CVE-2015-1791	https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc	View
127404	24031	CVE-2015-1791	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763	View
127405	24031	CVE-2015-1791	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044	View
127406	24031	CVE-2015-1791	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888	View
127407	24031	CVE-2015-1791	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667	View
127408	24031	CVE-2015-1791	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380	View
127409	24031	CVE-2015-1791	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351	View
127410	24031	CVE-2015-1791	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965	View
127411	24031	CVE-2015-1791	https://kc.mcafee.com/corporate/index?page=content&id=SB10122	View
127412	24031	CVE-2015-1791	https://openssl.org/news/secadv/20150611.txt	View
127413	24031	CVE-2015-1791	GLSA-201506-02	View
127414	24031	CVE-2015-1791	https://support.apple.com/kb/HT205031	View
127415	24031	CVE-2015-1791	https://www.openssl.org/news/secadv_20150611.txt	View

Related JVN

Id	Name	Title	Summary	Cveinfo Name	Cveinfo Id	Nvdinfo Name	Nvdinfo Id	Cvssv2	Cvssv3	Jvnurl	Published Date	Last Updated Date	Actions
7763	JVNDB-2015-003083	OpenSSL の ssl/s3_clnt.c の ssl3_get_new_session_ticket 関数におけるサービス運用妨害 (DoS) の脆弱性	OpenSSL の ssl/s3_clnt.c の ssl3_get_new_session_ticket 関数には、マルチスレッドクライアントのために使用された場合、競合状態により、サービス運用妨害 (二重解放およびアプリケーションクラッシュ) 状態にされるなど、不特定の影響を受ける脆弱性が存在します。	CVE-2015-1791	79016	CVE-2015-1791	24031	6.8		http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-003083.html	2015-06-11	2016-11-22	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.36 MB
View render complete	33.08 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	3.52
Event: Controller.initialize	0.02
Event: Controller.startup	0.07
Controller action	363.91
Event: Controller.beforeRender	4.40
» Processing toolbar data	4.31
Rendering View	1397.93
» Event: View.beforeRender	0.02
» Rendering APP/View/Nvdinfos/view.ctp	1343.04
» Event: View.afterRender	0.05
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	35.43
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	10.64
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/nvdinfos/view/24031
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/nvdinfos/view/24031
Remote Port	4576
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.148
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.78.197
Http Via	1.1 squid-proxy-5b5d847c96-v2jzj (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.148
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.148
Unique Id	aFRcuXA6GUpNkwuOX4MQfwAAAfY
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.148
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.148
Redirect Unique Id	aFRcuXA6GUpNkwuOX4MQfwAAAfY
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.148
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.148
Redirect Redirect Unique Id	aFRcuXA6GUpNkwuOX4MQfwAAAfY
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1750359225.6882
Request Time	1750359225

NVD

Actions

Related NVD References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files