OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
History
16 Aug 2022, 13:30
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* |
28 Jul 2022, 12:36
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
18 Jul 2022, 17:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/534161/100/0/threaded - Not Applicable, Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html - Patch, Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch, Third Party Advisory | |
References | (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005Â - Broken Link |
17 Nov 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Nov 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Nov 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2014-06-05 21:55
Updated : 2024-02-04 18:35
NVD link : CVE-2014-0224
Mitre link : CVE-2014-0224
CVE.ORG link : CVE-2014-0224
JSON object : View
Products Affected
redhat
- storage
- enterprise_linux
- jboss_enterprise_web_server
- jboss_enterprise_application_platform
- jboss_enterprise_web_platform
nodejs
- node.js
filezilla-project
- filezilla_server
siemens
- s7-1500
- cp1543-1
- application_processing_engine_firmware
- rox_firmware
- cp1543-1_firmware
- application_processing_engine
- s7-1500_firmware
- rox
fedoraproject
- fedora
openssl
- openssl
python
- python
opensuse
- opensuse
mariadb
- mariadb
CWE
CWE-326
Inadequate Encryption Strength