Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Oracle HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2015-3195 - Vulnerability Database
Oracle HTTP Server

Oracle HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2015-3195

Medium
Reference: CVE-2015-3195
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-3195
Title: Oracle HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh 1.0.0 before 1.0.0t 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS7 or CMS application.