CVE-2015-1793

MEDIUM

Oracle Supply Chain Products Suite < 2.0.0.6 - Security Feature Bypass

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-1793. PoCs published by Ramon de C Valle, David Benjamin, Adam Langley, Ramon de C Valle, including Metasploit module auxiliary/server/openssl_altchainsforgery_mitm_proxy.

AI-analyzed exploit summary This exploit leverages CVE-2015-1793, a vulnerability in OpenSSL's certificate verification process, to perform a man-in-the-middle attack by generating a fake certificate chain. It acts as a proxy to intercept and relay SSL/TLS traffic between a client and server.

Description

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.

Exploits (2)

exploitdb WORKING POC
by Ramon de C Valle · rubywebappsmultiple
https://www.exploit-db.com/exploits/38640

This exploit leverages CVE-2015-1793, a vulnerability in OpenSSL's certificate verification process, to perform a man-in-the-middle attack by generating a fake certificate chain. It acts as a proxy to intercept and relay SSL/TLS traffic between a client and server.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: OpenSSL versions with vulnerable certificate verification (e.g., OpenSSL 1.0.2 before 1.0.2a, 1.0.1 before 1.0.1m)
No auth needed
Prerequisites: Valid CA certificate, private key, and certificate to impersonate · Network position to intercept traffic
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by David Benjamin, Adam Langley, Ramon de C Valle · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/server/openssl_altchainsforgery_mitm_proxy.rb

This Metasploit module exploits CVE-2015-1793 in OpenSSL by forging a certificate chain to bypass client-side validation, enabling a MITM attack. It proxies SSL/TLS traffic between client and server while impersonating the server with a crafted certificate.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: OpenSSL (versions affected by CVE-2015-1793)
No auth needed
Prerequisites: Valid leaf certificate without keyUsage restrictions or with keyCertSign bit set · Active MITM position · Target client using vulnerable OpenSSL version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (31)

Core 31
Core References
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=143880121627664&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032817
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201507-15
Vendor Advisory vendor-advisory x_refsource_freebsd
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html
Vendor Advisory x_refsource_confirm
http://openssl.org/news/secadv_20150709.txt
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=144370846326989&w=2
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/91787
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75652
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38640/
Vendor Advisory vendor-advisory x_refsource_netbsd
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc

Scores

CVSS v3 6.5
EPSS 0.6180
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE
CWE-254
Status published
Products (10)
openssl/openssl 1.0.1n
openssl/openssl 1.0.1o
openssl/openssl 1.0.2b
openssl/openssl 1.0.2c
oracle/jd_edwards_enterpriseone_tools 9.1
oracle/jd_edwards_enterpriseone_tools 9.2
oracle/opus_10g_ethernet_switch_family < 2.0.0.6
oracle/supply_chain_products_suite 6.1.2.2
oracle/supply_chain_products_suite 6.1.3.0
oracle/supply_chain_products_suite 6.2.0
Published Jul 09, 2015
Tracked Since Feb 18, 2026