{
  "threat_severity" : "Low",
  "public_date" : "2015-01-08T00:00:00Z",
  "bugzilla" : {
    "description" : "openssl: DH client certificates accepted without verification",
    "id" : "1180239",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1180239"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.", "It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key." ],
  "statement" : "This issue does not affect the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-01-21T00:00:00Z",
    "advisory" : "RHSA-2015:0066",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "openssl-0:1.0.1e-30.el6_6.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-01-21T00:00:00Z",
    "advisory" : "RHSA-2015:0066",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "openssl-1:1.0.1e-34.el7_0.7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "openssl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "openssl097a",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "openssl098e",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "openssl098e",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 6",
    "fix_state" : "Not affected",
    "package_name" : "openssl",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Web Server 1",
    "fix_state" : "Not affected",
    "package_name" : "openssl",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:1"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Web Server 2",
    "fix_state" : "Not affected",
    "package_name" : "openssl",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:2"
  }, {
    "product_name" : "Red Hat Storage 2.1",
    "fix_state" : "Affected",
    "package_name" : "openssl",
    "cpe" : "cpe:/a:redhat:storage:2.1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-0205\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0205\nhttps://www.openssl.org/news/secadv_20150108.txt" ],
  "name" : "CVE-2015-0205",
  "csaw" : false
}