OVAL

ELSA-2014-3040 -- Oracle openssl

ID: oval:org.secpod.oval:def:1500594
Date: (C)2014-07-20   (M)2017-10-27
Class: PATCH
Family: unix




OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Platform:
Oracle Linux 4
Product:
openssl
Reference:
ELSA-2014-3040
CVE-2014-0224
CVE (1):
CVE-2014-0224
CPE (68):
cpe:/a:openssl:openssl
cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0
cpe:/a:redhat:jboss_enterprise_application_platform:6.2.3
cpe:/a:redhat:jboss_enterprise_web_server:2.0.1
...

© 2013 SecPod Technologies