CVE-2014-4630

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html	Broken Link
http://www.securityfocus.com/bid/72534	Third Party Advisory VDB Entry
https://secure-resumption.com/	Technical Description
http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html	Broken Link
http://www.securityfocus.com/bid/72534	Third Party Advisory VDB Entry
https://secure-resumption.com/	Technical Description

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.0:::::::*
	cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.1:::::::*
	cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.2:::::::*
	cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.3:::::::*
	cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.4:::::::*
	cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.5:::::::*
	cpe:2.3:a:dell:bsafe_ssl-j::::::::

History

21 Nov 2024, 02:10

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html - Broken Link~~	() http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html - Broken Link
References	~~() http://www.securityfocus.com/bid/72534 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/72534 - Third Party Advisory, VDB Entry
References	~~() https://secure-resumption.com/ - Technical Description~~	() https://secure-resumption.com/ - Technical Description

09 Dec 2021, 18:31

Type	Values Removed	Values Added
CPE	cpe:2.3:a:dell:bsafe:4.0.1::::micro_edition_suite::: cpe:2.3:a:dell:bsafe:4.0.4::::micro_edition_suite::: cpe:2.3:a:dell:bsafe:4.0.3::::micro_edition_suite::: cpe:2.3:a:dell:bsafe:4.0.2::::micro_edition_suite::: cpe:2.3:a:dell:bsafe:4.0.5::::micro_edition_suite::: cpe:2.3:a:dell:bsafe:4.0.0::::micro_edition_suite::: cpe:2.3:a:emc:rsa_bsafe_ssl-j::::::::	cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.3:::::::* cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.4:::::::* cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.0:::::::* cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.2:::::::* cpe:2.3:a:dell:bsafe_ssl-j:::::::: cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.1:::::::* cpe:2.3:a:dell:bsafe_micro-edition-suite:4.0.5:::::::*

30 Nov 2021, 17:24

Type	Values Removed	Values Added
CPE	cpe:2.3:a:emc:rsa_bsafe:4.0.2::::micro_edition_suite::: cpe:2.3:a:emc:rsa_bsafe:4.0.4::::micro_edition_suite::: cpe:2.3:a:emc:rsa_bsafe:4.0.3::::micro_edition_suite::: cpe:2.3:a:emc:rsa_bsafe:4.0.0::::micro_edition_suite::: cpe:2.3:a:emc:rsa_bsafe:4.0.1::::micro_edition_suite::: cpe:2.3:a:emc:rsa_bsafe:4.0.5::::micro_edition_suite:::	cpe:2.3:a:dell:bsafe:4.0.1::::micro_edition_suite::: cpe:2.3:a:dell:bsafe:4.0.4::::micro_edition_suite::: cpe:2.3:a:dell:bsafe:4.0.3::::micro_edition_suite::: cpe:2.3:a:dell:bsafe:4.0.2::::micro_edition_suite::: cpe:2.3:a:dell:bsafe:4.0.5::::micro_edition_suite::: cpe:2.3:a:dell:bsafe:4.0.0::::micro_edition_suite:::

Information

Published : 2014-12-30 15:59

Updated : 2025-04-12 10:46

NVD link : CVE-2014-4630

Mitre link : CVE-2014-4630

CVE.ORG link : CVE-2014-4630

JSON object : View

Products Affected

dell

bsafe_ssl-j
bsafe_micro-edition-suite

CWE

CWE-310

Cryptographic Issues

4.3 /10