
CVE-2014-0224
Date: (C)2014-06-16   (M)2024-03-27


OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 7.4
Exploit Score: 2.2
Impact Score: 5.2

CVSS V2 Severity:
CVSS Score: 5.8
Exploit Score: 8.6
Impact Score: 4.9

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: NONE

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE

Reference:
SECTRACK-1031032
SECTRACK-1031594
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
http://seclists.org/fulldisclosure/2014/Jun/38
http://www.securityfocus.com/archive/1/534161/100/0/threaded
SECUNIA-58128
SECUNIA-58337
SECUNIA-58385
SECUNIA-58433
SECUNIA-58492
SECUNIA-58579
SECUNIA-58615
SECUNIA-58639
SECUNIA-58660
SECUNIA-58667
SECUNIA-58713
SECUNIA-58714
SECUNIA-58716
SECUNIA-58719
SECUNIA-58742
SECUNIA-58743
SECUNIA-58745
SECUNIA-58759
SECUNIA-58930
SECUNIA-58939
SECUNIA-58945
SECUNIA-58977
SECUNIA-59004
SECUNIA-59012
SECUNIA-59040
SECUNIA-59043
SECUNIA-59055
SECUNIA-59063
SECUNIA-59093
SECUNIA-59101
SECUNIA-59120
SECUNIA-59126
SECUNIA-59132
SECUNIA-59135
SECUNIA-59142
SECUNIA-59162
SECUNIA-59163
SECUNIA-59167
SECUNIA-59175
SECUNIA-59186
SECUNIA-59188
SECUNIA-59189
SECUNIA-59190
SECUNIA-59191
SECUNIA-59192
SECUNIA-59202
SECUNIA-59211
SECUNIA-59214
SECUNIA-59215
SECUNIA-59223
SECUNIA-59231
SECUNIA-59264
SECUNIA-59282
SECUNIA-59284
SECUNIA-59287
SECUNIA-59300
SECUNIA-59301
SECUNIA-59305
SECUNIA-59306
SECUNIA-59310
SECUNIA-59325
SECUNIA-59338
SECUNIA-59342
SECUNIA-59347
SECUNIA-59354
SECUNIA-59362
SECUNIA-59364
SECUNIA-59365
SECUNIA-59368
SECUNIA-59370
SECUNIA-59374
SECUNIA-59375
SECUNIA-59380
SECUNIA-59383
SECUNIA-59389
SECUNIA-59413
SECUNIA-59429
SECUNIA-59435
SECUNIA-59437
SECUNIA-59438
SECUNIA-59440
SECUNIA-59441
SECUNIA-59442
SECUNIA-59444
SECUNIA-59445
SECUNIA-59446
SECUNIA-59447
SECUNIA-59448
SECUNIA-59449
SECUNIA-59450
SECUNIA-59451
SECUNIA-59454
SECUNIA-59459
SECUNIA-59460
SECUNIA-59483
SECUNIA-59490
SECUNIA-59491
SECUNIA-59495
SECUNIA-59502
SECUNIA-59506
SECUNIA-59514
SECUNIA-59518
SECUNIA-59525
SECUNIA-59528
SECUNIA-59529
SECUNIA-59530
SECUNIA-59589
SECUNIA-59602
SECUNIA-59655
SECUNIA-59659
SECUNIA-59661
SECUNIA-59666
SECUNIA-59669
SECUNIA-59677
SECUNIA-59721
SECUNIA-59784
SECUNIA-59824
SECUNIA-59827
SECUNIA-59878
SECUNIA-59885
SECUNIA-59894
SECUNIA-59916
SECUNIA-59990
SECUNIA-60049
SECUNIA-60066
SECUNIA-60176
SECUNIA-60522
SECUNIA-60567
SECUNIA-60571
SECUNIA-60577
SECUNIA-60819
SECUNIA-61254
SECUNIA-61815
FEDORA-2014-9301
FEDORA-2014-9308
GLSA-201407-05
HPSBGN03050
HPSBGN03068
HPSBHF03052
HPSBHF03088
HPSBHF03145
HPSBMU03051
HPSBMU03053
HPSBMU03055
HPSBMU03056
HPSBMU03057
HPSBMU03058
HPSBMU03062
HPSBMU03065
HPSBMU03070
HPSBMU03071
HPSBMU03074
HPSBMU03076
HPSBMU03078
HPSBMU03083
HPSBMU03089
HPSBMU03094
HPSBMU03101
HPSBOV03047
HPSBPI03107
HPSBST03097
HPSBST03098
HPSBST03103
HPSBST03106
HPSBST03195
HPSBST03265
HPSBUX03046
IT02314
IV61506
MDVSA-2014:105
MDVSA-2014:106
MDVSA-2015:062
RHSA-2014:0624
RHSA-2014:0626
RHSA-2014:0627
RHSA-2014:0630
RHSA-2014:0631
RHSA-2014:0632
RHSA-2014:0633
RHSA-2014:0680
SSRT101818
SUSE-SU-2015:0578
SUSE-SU-2015:0743
VU#978508
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
http://ccsinjection.lepidum.co.jp
http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html
http://esupport.trendmicro.com/solution/en-US/1103813.aspx
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29217
http://linux.oracle.com/errata/ELSA-2014-1053.html
http://puppetlabs.com/security/cve/cve-2014-0224
http://support.apple.com/kb/HT6443
http://support.citrix.com/article/CTX140876
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690
http://www-01.ibm.com/support/docview.wss?uid=swg21673137
http://www-01.ibm.com/support/docview.wss?uid=swg21675626
http://www-01.ibm.com/support/docview.wss?uid=swg21675821
http://www-01.ibm.com/support/docview.wss?uid=swg21676035
http://www-01.ibm.com/support/docview.wss?uid=swg21676062
http://www-01.ibm.com/support/docview.wss?uid=swg21676071
http://www-01.ibm.com/support/docview.wss?uid=swg21676333
http://www-01.ibm.com/support/docview.wss?uid=swg21676334
http://www-01.ibm.com/support/docview.wss?uid=swg21676419
http://www-01.ibm.com/support/docview.wss?uid=swg21676478
http://www-01.ibm.com/support/docview.wss?uid=swg21676496
http://www-01.ibm.com/support/docview.wss?uid=swg21676501
http://www-01.ibm.com/support/docview.wss?uid=swg21676529
http://www-01.ibm.com/support/docview.wss?uid=swg21676536
http://www-01.ibm.com/support/docview.wss?uid=swg21676615
http://www-01.ibm.com/support/docview.wss?uid=swg21676644
http://www-01.ibm.com/support/docview.wss?uid=swg21676655
http://www-01.ibm.com/support/docview.wss?uid=swg21676786
http://www-01.ibm.com/support/docview.wss?uid=swg21676833
http://www-01.ibm.com/support/docview.wss?uid=swg21676845
http://www-01.ibm.com/support/docview.wss?uid=swg21676879
http://www-01.ibm.com/support/docview.wss?uid=swg21676889
http://www-01.ibm.com/support/docview.wss?uid=swg21677080
http://www-01.ibm.com/support/docview.wss?uid=swg21677131
http://www-01.ibm.com/support/docview.wss?uid=swg21677390
http://www-01.ibm.com/support/docview.wss?uid=swg21677527
http://www-01.ibm.com/support/docview.wss?uid=swg21677567
http://www-01.ibm.com/support/docview.wss?uid=swg21677695
http://www-01.ibm.com/support/docview.wss?uid=swg21677828
http://www-01.ibm.com/support/docview.wss?uid=swg21677836
http://www-01.ibm.com/support/docview.wss?uid=swg21678167
http://www-01.ibm.com/support/docview.wss?uid=swg21678233
http://www-01.ibm.com/support/docview.wss?uid=swg21678289
http://www-01.ibm.com/support/docview.wss?uid=swg21683332
http://www-01.ibm.com/support/docview.wss?uid=swg24037727
http://www-01.ibm.com/support/docview.wss?uid=swg24037729
http://www-01.ibm.com/support/docview.wss?uid=swg24037730
http://www-01.ibm.com/support/docview.wss?uid=swg24037731
http://www-01.ibm.com/support/docview.wss?uid=swg24037732
http://www-01.ibm.com/support/docview.wss?uid=swg24037761
http://www-01.ibm.com/support/docview.wss?uid=swg24037870
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737
http://www.blackberry.com/btsc/KB36051
http://www.f-secure.com/en/web/labs_global/fsc-2014-6
http://www.fortiguard.com/advisory/FG-IR-14-018/
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
http://www.ibm.com/support/docview.wss?uid=isg3T1020948
http://www.ibm.com/support/docview.wss?uid=ssg1S1004678
http://www.ibm.com/support/docview.wss?uid=swg21676356
http://www.ibm.com/support/docview.wss?uid=swg21676793
http://www.ibm.com/support/docview.wss?uid=swg21676877
http://www.ibm.com/support/docview.wss?uid=swg24037783
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
http://www.kerio.com/support/kerio-control/release-history
http://www.novell.com/support/kb/doc.php?id=7015264
http://www.novell.com/support/kb/doc.php?id=7015300
http://www.openssl.org/news/secadv_20140605.txt
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://www.splunk.com/view/SP-CAAAM2D
http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E
https://access.redhat.com/site/blogs/766093/posts/908133
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1
https://bugzilla.redhat.com/show_bug.cgi?id=1103586
https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf
https://discussions.nessus.org/thread/7517
https://filezilla-project.org/versions.php?type=server
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=bc8923b1ec9c467755cd86f7848c50ee8812e441
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
https://kb.bluecoat.com/index?page=content&id=SA80
https://kc.mcafee.com/corporate/index?page=content&id=SB10075
https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005
https://www.ibm.com/support/docview.wss?uid=ssg1S1004670
https://www.ibm.com/support/docview.wss?uid=ssg1S1004671
https://www.imperialviolet.org/2014/06/05/earlyccs.html
https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf
https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf
https://www.novell.com/support/kb/doc.php?id=7015271
openSUSE-SU-2015:0229
openSUSE-SU-2016:0640

CPE    13
cpe:/a:redhat:jboss_enterprise_application_platform:6.2.3
cpe:/o:fedoraproject:fedora:20
cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0
cpe:/a:openssl:openssl
...
CWE    1
CWE-326
OVAL    41
oval:org.secpod.oval:def:1500637
oval:org.secpod.oval:def:1500639
oval:org.secpod.oval:def:702068
oval:org.secpod.oval:def:501321
...

© SecPod Technologies