EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html | Broken Link |
http://www.securityfocus.com/bid/72534 | Third Party Advisory VDB Entry |
https://secure-resumption.com/ | Technical Description |
Configurations
Configuration 1 (hide)
|
History
09 Dec 2021, 18:31
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:dell:bsafe:4.0.4:*:*:*:micro_edition_suite:*:*:* cpe:2.3:a:dell:bsafe:4.0.3:*:*:*:micro_edition_suite:*:*:* cpe:2.3:a:dell:bsafe:4.0.2:*:*:*:micro_edition_suite:*:*:* cpe:2.3:a:dell:bsafe:4.0.5:*:*:*:micro_edition_suite:*:*:* cpe:2.3:a:dell:bsafe:4.0.0:*:*:*:micro_edition_suite:*:*:* cpe:2.3:a:emc:rsa_bsafe_ssl-j:*:*:*:*:*:*:*:* |
cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.3:*:*:*:*:*:*:* cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.4:*:*:*:*:*:*:* cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:* cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.5:*:*:*:*:*:*:* |
30 Nov 2021, 17:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:emc:rsa_bsafe:4.0.4:*:*:*:micro_edition_suite:*:*:* cpe:2.3:a:emc:rsa_bsafe:4.0.3:*:*:*:micro_edition_suite:*:*:* cpe:2.3:a:emc:rsa_bsafe:4.0.0:*:*:*:micro_edition_suite:*:*:* cpe:2.3:a:emc:rsa_bsafe:4.0.1:*:*:*:micro_edition_suite:*:*:* cpe:2.3:a:emc:rsa_bsafe:4.0.5:*:*:*:micro_edition_suite:*:*:* |
cpe:2.3:a:dell:bsafe:4.0.1:*:*:*:micro_edition_suite:*:*:* cpe:2.3:a:dell:bsafe:4.0.4:*:*:*:micro_edition_suite:*:*:* cpe:2.3:a:dell:bsafe:4.0.3:*:*:*:micro_edition_suite:*:*:* cpe:2.3:a:dell:bsafe:4.0.2:*:*:*:micro_edition_suite:*:*:* cpe:2.3:a:dell:bsafe:4.0.5:*:*:*:micro_edition_suite:*:*:* cpe:2.3:a:dell:bsafe:4.0.0:*:*:*:micro_edition_suite:*:*:* |
Information
Published : 2014-12-30 15:59
Updated : 2024-02-04 18:35
NVD link : CVE-2014-4630
Mitre link : CVE-2014-4630
CVE.ORG link : CVE-2014-4630
JSON object : View
Products Affected
dell
- bsafe_micro-edition-suite
- bsafe_ssl-j
CWE
CWE-310
Cryptographic Issues