OVAL

ELSA-2014-3040 -- Oracle openssl

ID: oval:org.secpod.oval:def:1500594
Date: (C)2014-07-20   (M)2018-05-12
Class: PATCH
Family: unix




OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Platform:
Oracle Linux 4
Product:
openssl
Reference:
ELSA-2014-3040
CVE-2014-0224
CVE    1
CVE-2014-0224
CPE    57
cpe:/a:openssl:openssl:1.0.1:beta1
cpe:/a:openssl:openssl:1.0.1:beta3
cpe:/a:openssl:openssl:1.0.1:beta2
cpe:/a:openssl:openssl:1.0.1e
...

© SecPod Technologies