What is CVE-2015-3197?

CVE-2015-3197 is a medium-severity vulnerability in Openssl, classified under Information Disclosure. CVSS score: 5.9/10. Published 2016-02-15.

How severe is CVE-2015-3197?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Is CVE-2015-3197 known to be exploited?

12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Openssl

CVE-2015-3197

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations o…

Vulnerability class: Information Disclosure

EPSS: 0.222 (95.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Openssl — versions 1.0.1, 1.0.1a, 1.0.1b
Oracle Exalogic_infrastructure — versions 1.0, 2.0
Oracle Oss_support_tools — versions 8.11.16.3.8
Oracle Peoplesoft_enterprise_peopletools — versions 8.53, 8.54, 8.55
Oracle Tuxedo — versions 12.1.1.0
Oracle Vm_virtualbox — versions 5.0.16
N/a — versions n/a

Weakness classification (CWE)

Public proof-of-concept exploits

References

secalert@redhat.com
FEDORA-2016-527018d2ff (vendor-advisory)
secalert@redhat.com
openSUSE-SU-2016:0638 (vendor-advisory)
secalert@redhat.com
openSUSE-SU-2016:1239 (vendor-advisory)
SUSE-SU-2016:0621 (vendor-advisory)
1034849 (vdb-entry)
openSUSE-SU-2016:0640 (vendor-advisory)
secalert@redhat.com

Frequently asked questions

What is CVE-2015-3197?: CVE-2015-3197 is a medium-severity vulnerability in Openssl, classified under Information Disclosure. CVSS score: 5.9/10. Published 2016-02-15.
How severe is CVE-2015-3197?: Medium severity. CVSS v3 base score is 5.9 out of 10.
Is CVE-2015-3197 known to be exploited?: 12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.