CVE-2015-2859 (GCVE-0-2015-2859)
Vulnerability from cvelistv5 – Published: 2015-06-23 21:00 – Updated: 2024-08-06 05:24
Summary
Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity ?
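No CVSS data available in the CVE record itself. The NVD entry embedded below (under "vulnerability-lookup:meta") scores it CVSS v2 5.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:N).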
CWE
- n/a in the CVE record; the NVD entry embedded below assigns CWE-310.
Assigner
- certcc
References
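| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/264092 | third-party-advisory, x_refsource_CERT-VN |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10120 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/75020 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id/1032571 | vdb-entry, x_refsource_SECTRACK |
| https://kc.mcafee.com/corporate/index?page=content&id=KB84628 | x_refsource_CONFIRM |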
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:39.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#264092",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/264092"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10120"
},
{
"name": "75020",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75020"
},
{
"name": "1032571",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032571"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=KB84628"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#264092",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/264092"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10120"
},
{
"name": "75020",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75020"
},
{
"name": "1032571",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032571"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=KB84628"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#264092",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/264092"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10120",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10120"
},
{
"name": "75020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75020"
},
{
"name": "1032571",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032571"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=KB84628",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=KB84628"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2859",
"datePublished": "2015-06-23T21:00:00",
"dateReserved": "2015-04-03T00:00:00",
"dateUpdated": "2024-08-06T05:24:39.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2015-2859\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2015-06-23T21:59:00.240\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.\"},{\"lang\":\"es\",\"value\":\"Intel McAfee ePolicy Orchestrator (ePO) 4.x hasta 4.6.9 y 5.x hasta 5.1.2 no valida los nombres de servidores y los nombres de de autoridades certificadoras en los certificados X.509 de servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener informaci\u00f3n sensible a trav\u00e9s de un certificado manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"485DB16F-730A-44B2-A255-2583AB27DB9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.0:*:*:*:*:*
:*:*\",\"matchCriteriaId\":\"1C721D48-5D9B-4BFF-8A7F-6E88D1F78F34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6131764-811B-4302-B160-D6447D20795E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4773B847-1E1D-4106-88CF-35E38412466E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADCCFECD-BFB3-415D-B381-D0FC714E8434\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BA5473B-AF93-46A4-A28B-50B9E82BAFCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:4.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9C4BAB1-E198-477E-9B48-4CC526583A17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D84606C7-E033-4864-A527-C75F4B7A307E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F4A1B55-452B-4D1F-908E-795197974F4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5A2CABB-0BCB-4266-BA58-9FC81E89555C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0080A5E-19E2-4BAA-BA80-1904A774CF8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3171A1A7-E1B6-4957-BABE-DC0997ACB27B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9284BEB-25CF-4888-AFDD-0073080361BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30C57CEF-BEAC-4BC8-9CBE-17B797EC52F5\"},{\"vulnerable\":true,\"criteria\":\
"cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBBFF999-B630-4011-97CC-0C85251F7A5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98B45EBD-531A-4052-82E0-BE3F43132337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:4.6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DA7EEDB-DFCE-464D-A4C3-7727BCF57E2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD14FE96-A47F-4C92-90E8-678D93BB4CB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"648AAB2A-310B-493E-89DF-E8BCA56FB6FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE33AFB8-9962-4D75-B613-D5032A0949A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEBA52A8-233F-4015-B44B-1BF7B5593CCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0DBB72F-A984-4641-9230-97B815FCD31C\"}]}]}],\"references\":[{\"url\":\"http://www.kb.cert.org/vuls/id/264092\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/75020\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.securitytracker.com/id/1032571\",\"source\":\"cret@cert.org\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=KB84628\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10120\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/264092\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party 
Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/75020\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032571\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=KB84628\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10120\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.