OpenSSL Alternative Chains Certificate Forgery Vulnerability (CVE-2015-1793)

On July 9, 2015, OpenSSL disclosed a flaw in the way alternative certificate chains are verified. This only impacts versions of OpenSSL released since June 2015: v1.0.2c, v1.0.2b, v1.0.1o and v1.0.1n. Exploitation of this vulnerability could allow an attacker to bypass certain certificate validation checks, enabling them to issue an invalid certificate. Additional information about the VENOM vulnerability is available on the NIST web site CVE-2015-1793 .

HP takes security vulnerabilities seriously and works collaboratively through organizations like the Information Technology Information Sharing & Analysis Center (IT-ISAC), government agencies and industry partners to share information about the vulnerabilities and how to effectively address them. HP consistently employs security controls and procedures to protect against attacks that target our systems and networks.

What can you do?

Get the latest information regarding potential impact on Enterprise Products

Please visit this HP Support Center page and click the blue "Search" button.

Subscribe to HP Security Bulletins

You may subscribe to receive alerts for HP Security Bulletins published for impacted products.

Resources

• HP Product Security Vulnerability Alerts – See All Key Vulnerabilities
• https://www.openssl.org/news/secadv_20150709.txt