SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2014-3568

Date: (C)2014-10-31 (M)2024-02-22

OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:

SECTRACK-1031053

APPLE-SA-2015-01-27-4

APPLE-SA-2015-09-16-2

NetBSD-SA2014-015

SUSE-SU-2014:1357

SUSE-SU-2014:1361

SUSE-SU-2015:0578

http://support.apple.com/HT204244

http://www-01.ibm.com/support/docview.wss?uid=swg21686997

https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=26a59d9b46574e457870197dffa802871b4c8fc7

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

https://kc.mcafee.com/corporate/index?page=content&id=SB10091

https://support.apple.com/HT205217

https://support.citrix.com/article/CTX216642

https://www.openssl.org/news/secadv_20141015.txt

openSUSE-SU-2014:1331

openSUSE-SU-2016:0640

openssl-cve20143568-sec-bypass(97037)

cpe:/a:openssl:openssl:1.0.1:beta1
cpe:/a:openssl:openssl:1.0.0h
cpe:/a:openssl:openssl:1.0.0g
cpe:/a:openssl:openssl:1.0.0j
...

oval:org.secpod.oval:def:1600169
oval:org.secpod.oval:def:23428
oval:org.secpod.oval:def:601802
oval:org.secpod.oval:def:21399
...

© SecPod Technologies