CVE-2014-0224 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2014-0224

CVE-2014-0224

June 05, 2014

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Related Resources (306)

http://marc.info/?l=bugtraq&m=140784085708882&w=2

http://secunia.com/advisories/61254

http://www.vmware.com/security/advisories/VMSA-2014-0006.html

http://marc.info/?l=bugtraq&m=140266410314613&w=2

http://secunia.com/advisories/59188

http://secunia.com/advisories/59514

http://secunia.com/advisories/60066

http://secunia.com/advisories/59441

http://support.citrix.com/article/CTX140876

http://secunia.com/advisories/60571

http://secunia.com/advisories/59389

http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html

http://secunia.com/advisories/59784

http://secunia.com/advisories/59101

http://secunia.com/advisories/59446

http://www-01.ibm.com/support/docview.wss?uid=isg400001841

http://secunia.com/advisories/59721

http://secunia.com/advisories/59659

http://secunia.com/advisories/58385

http://www-01.ibm.com/support/docview.wss?uid=swg24037870

http://marc.info/?l=bugtraq&m=140621259019789&w=2

http://secunia.com/advisories/59677

http://secunia.com/advisories/59413

http://www-01.ibm.com/support/docview.wss?uid=swg24037727

http://www-01.ibm.com/support/docview.wss?uid=swg21676536

http://secunia.com/advisories/61815

http://secunia.com/advisories/59135

http://secunia.com/advisories/59342

http://www-01.ibm.com/support/docview.wss?uid=swg21683332

https://filezilla-project.org/versions.php?type=server

http://seclists.org/fulldisclosure/2014/Jun/38

http://www-01.ibm.com/support/docview.wss?uid=swg21676035

http://secunia.com/advisories/59347

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754

http://secunia.com/advisories/58939

http://linux.oracle.com/errata/ELSA-2014-1053.html

http://www-01.ibm.com/support/docview.wss?uid=swg21677695

http://secunia.com/advisories/59163

http://marc.info/?l=bugtraq&m=140852826008699&w=2

http://rhn.redhat.com/errata/RHSA-2014-0627.html

http://secunia.com/advisories/59530

http://secunia.com/advisories/59435

http://marc.info/?l=bugtraq&m=140870499402361&w=2

https://access.redhat.com/site/blogs/766093/posts/908133

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756

http://secunia.com/advisories/59442

http://marc.info/?l=bugtraq&m=140389355508263&w=2

http://rhn.redhat.com/errata/RHSA-2014-0631.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www-01.ibm.com/support/docview.wss?uid=isg400001843

http://secunia.com/advisories/58128

http://secunia.com/advisories/58719

http://marc.info/?l=bugtraq&m=140491231331543&w=2

http://secunia.com/advisories/59223

http://secunia.com/advisories/59506

http://www-01.ibm.com/support/docview.wss?uid=swg21676889

http://www-01.ibm.com/support/docview.wss?uid=swg21676845

https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005

http://secunia.com/advisories/60176

http://kb.juniper.net/InfoCenter/index?page=content&id=KB29217

http://secunia.com/advisories/59437

http://www.openssl.org/news/secadv_20140605.txt

http://marc.info/?l=bugtraq&m=141383410222440&w=2

http://secunia.com/advisories/59093

http://secunia.com/advisories/59528

http://www-01.ibm.com/support/docview.wss?uid=swg24037730

https://bugzilla.redhat.com/show_bug.cgi?id=1103586

http://www-01.ibm.com/support/docview.wss?uid=swg24037761

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

http://secunia.com/advisories/58743

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757

http://www.splunk.com/view/SP-CAAAM2D

http://marc.info/?l=bugtraq&m=141164638606214&w=2

http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf

http://www-01.ibm.com/support/docview.wss?uid=swg21676644

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://secunia.com/advisories/59429

http://marc.info/?l=bugtraq&m=140431828824371&w=2

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E

http://secunia.com/advisories/58579

http://secunia.com/advisories/59885

http://www-01.ibm.com/support/docview.wss?uid=swg24037731

http://secunia.com/advisories/59211

http://www-01.ibm.com/support/docview.wss?uid=swg21676496

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740

http://secunia.com/advisories/59040

http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html

http://secunia.com/advisories/59055

http://puppetlabs.com/security/cve/cve-2014-0224

http://marc.info/?l=bugtraq&m=141147110427269&w=2

http://marc.info/?l=bugtraq&m=140672208601650&w=2

http://www.mandriva.com/security/advisories?name=MDVSA-2014:106

http://secunia.com/advisories/59202

http://www-01.ibm.com/support/docview.wss?uid=swg21676333

http://secunia.com/advisories/59483

http://secunia.com/advisories/58745

http://www-01.ibm.com/support/docview.wss?uid=swg21676062

http://www.ibm.com/support/docview.wss?uid=swg1IT02314

http://secunia.com/advisories/59120

http://www.ibm.com/support/docview.wss?uid=swg21676877

http://secunia.com/advisories/58615

http://secunia.com/advisories/59451

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html

http://www-01.ibm.com/support/docview.wss?uid=swg21677828

http://marc.info/?l=bugtraq&m=142546741516006&w=2

http://secunia.com/advisories/59460

http://secunia.com/advisories/59459

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html

http://secunia.com/advisories/59368

http://secunia.com/advisories/59495

http://www-01.ibm.com/support/docview.wss?uid=swg21676478

http://secunia.com/advisories/59012

https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues

http://secunia.com/advisories/58639

http://marc.info/?l=bugtraq&m=140499864129699&w=2

http://secunia.com/advisories/59669

http://security.gentoo.org/glsa/glsa-201407-05.xml

https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1

http://secunia.com/advisories/58337

http://secunia.com/advisories/59666

http://www-01.ibm.com/support/docview.wss?uid=swg21677131

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737

http://secunia.com/advisories/59878

http://www.securitytracker.com/id/1031594

http://marc.info/?l=bugtraq&m=140317760000786&w=2

http://marc.info/?l=bugtraq&m=140389274407904&w=2

http://www.novell.com/support/kb/doc.php?id=7015264

http://secunia.com/advisories/59167

http://secunia.com/advisories/59264

http://secunia.com/advisories/58492

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

http://www.blackberry.com/btsc/KB36051

http://ccsinjection.lepidum.co.jp

http://secunia.com/advisories/59447

http://support.apple.com/kb/HT6443

http://secunia.com/advisories/59310

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

http://www-01.ibm.com/support/docview.wss?uid=swg21676419

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629

http://rhn.redhat.com/errata/RHSA-2014-0624.html

http://secunia.com/advisories/59043

http://www-01.ibm.com/support/docview.wss?uid=swg21673137

http://marc.info/?l=bugtraq&m=140386311427810&w=2

http://secunia.com/advisories/59287

http://secunia.com/advisories/58716

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163

http://www.f-secure.com/en/web/labs_global/fsc-2014-6

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=bc8923b1ec9c467755cd86f7848c50ee8812e441

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://secunia.com/advisories/59301

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755

http://secunia.com/advisories/59132

http://secunia.com/advisories/59449

http://www-01.ibm.com/support/docview.wss?uid=swg24037729

http://secunia.com/advisories/59827

http://secunia.com/advisories/59063

http://secunia.com/advisories/59004

http://www-01.ibm.com/support/docview.wss?uid=swg1IV61506

http://secunia.com/advisories/59190

http://www.ibm.com/support/docview.wss?uid=swg21676356

http://secunia.com/advisories/58759

http://secunia.com/advisories/60819

http://secunia.com/advisories/59162

http://www-01.ibm.com/support/docview.wss?uid=swg21677527

http://www.ibm.com/support/docview.wss?uid=swg21676793

http://secunia.com/advisories/60522

http://secunia.com/advisories/59365

http://www-01.ibm.com/support/docview.wss?uid=swg21676615

http://www.securitytracker.com/id/1031032

http://www-01.ibm.com/support/docview.wss?uid=swg21678233

http://secunia.com/advisories/58713

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E

http://esupport.trendmicro.com/solution/en-US/1103813.aspx

https://security-tracker.debian.org/tracker/CVE-2014-0224

http://secunia.com/advisories/59215

http://www-01.ibm.com/support/docview.wss?uid=swg21676334

http://secunia.com/advisories/59338

http://rhn.redhat.com/errata/RHSA-2014-0632.html

http://rhn.redhat.com/errata/RHSA-2014-0633.html

http://secunia.com/advisories/59438

http://www-01.ibm.com/support/docview.wss?uid=swg21677080

http://marc.info/?l=bugtraq&m=141383465822787&w=2

http://marc.info/?l=bugtraq&m=140794476212181&w=2

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://secunia.com/advisories/59894

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

http://secunia.com/advisories/59450

http://marc.info/?l=bugtraq&m=142350350616251&w=2

https://www.novell.com/support/kb/doc.php?id=7015271

http://secunia.com/advisories/59142

http://www-01.ibm.com/support/docview.wss?uid=swg21676071

http://secunia.com/advisories/58433

http://secunia.com/advisories/59306

http://www-01.ibm.com/support/docview.wss?uid=swg21676879

https://www.imperialviolet.org/2014/06/05/earlyccs.html

http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195

https://access.redhat.com/security/cve/CVE-2014-0224

http://secunia.com/advisories/58714

http://www.kerio.com/support/kerio-control/release-history

http://secunia.com/advisories/59325

http://marc.info/?l=bugtraq&m=141658880509699&w=2

http://marc.info/?l=bugtraq&m=140604261522465&w=2

http://secunia.com/advisories/59602

http://marc.info/?l=bugtraq&m=140369637402535&w=2

https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf

http://www-01.ibm.com/support/docview.wss?uid=swg21676501

https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf

http://secunia.com/advisories/59448

http://secunia.com/advisories/59824

http://secunia.com/advisories/59364

http://secunia.com/advisories/59354

http://secunia.com/advisories/59192

http://secunia.com/advisories/58667

http://secunia.com/advisories/59440

http://secunia.com/advisories/59383

http://secunia.com/advisories/59655

http://secunia.com/advisories/59175

http://www.ibm.com/support/docview.wss?uid=swg24037783

http://www-01.ibm.com/support/docview.wss?uid=swg21677390

http://www-01.ibm.com/support/docview.wss?uid=swg24037732

http://www-01.ibm.com/support/docview.wss?uid=swg21678167

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://secunia.com/advisories/58660

http://marc.info/?l=bugtraq&m=140544599631400&w=2

http://www.novell.com/support/kb/doc.php?id=7015300

http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download

http://www.mandriva.com/security/advisories?name=MDVSA-2014:105

http://secunia.com/advisories/60577

http://secunia.com/advisories/59214

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690

http://rhn.redhat.com/errata/RHSA-2014-0680.html

http://marc.info/?l=bugtraq&m=140983229106599&w=2

http://secunia.com/advisories/59370

http://secunia.com/advisories/59990

http://secunia.com/advisories/59375

http://www-01.ibm.com/support/docview.wss?uid=swg21675821

http://marc.info/?l=bugtraq&m=141025641601169&w=2

http://secunia.com/advisories/59191

http://secunia.com/advisories/59186

http://rhn.redhat.com/errata/RHSA-2014-0626.html

http://marc.info/?l=bugtraq&m=140448122410568&w=2

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

https://www.ibm.com/support/docview.wss?uid=ssg1S1004671

http://secunia.com/advisories/59444

http://secunia.com/advisories/60049

https://www.ibm.com/support/docview.wss?uid=ssg1S1004670

http://secunia.com/advisories/59518

http://secunia.com/advisories/59284

https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf

https://kb.bluecoat.com/index?page=content&id=SA80

http://marc.info/?l=bugtraq&m=140852757108392&w=2

http://www-01.ibm.com/support/docview.wss?uid=swg21677567

http://secunia.com/advisories/58977

http://secunia.com/advisories/59300

http://secunia.com/advisories/59661

http://marc.info/?l=bugtraq&m=142805027510172&w=2

http://secunia.com/advisories/59189

http://secunia.com/advisories/58945

http://www.ibm.com/support/docview.wss?uid=ssg1S1004678

http://secunia.com/advisories/59445

http://www-01.ibm.com/support/docview.wss?uid=swg21677836

http://secunia.com/advisories/59491

http://www-01.ibm.com/support/docview.wss?uid=swg21676833

http://secunia.com/advisories/59380

http://www-01.ibm.com/support/docview.wss?uid=swg21676655

http://secunia.com/advisories/59490

http://secunia.com/advisories/59916

http://secunia.com/advisories/58930

http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

http://secunia.com/advisories/59305

http://marc.info/?l=bugtraq&m=140752315422991&w=2

http://secunia.com/advisories/59525

http://www-01.ibm.com/support/docview.wss?uid=swg21678289

http://secunia.com/advisories/59502

http://secunia.com/advisories/59454

http://secunia.com/advisories/58742

http://marc.info/?l=bugtraq&m=140904544427729&w=2

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.fortiguard.com/advisory/FG-IR-14-018/

https://discussions.nessus.org/thread/7517

http://www-01.ibm.com/support/docview.wss?uid=swg21675626

http://secunia.com/advisories/59374

http://secunia.com/advisories/59362

http://secunia.com/advisories/59282

http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html

http://marc.info/?l=bugtraq&m=140482916501310&w=2

https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0224

https://kc.mcafee.com/corporate/index?page=content&id=SB10075

http://www-01.ibm.com/support/docview.wss?uid=swg21676529

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

http://secunia.com/advisories/59231

http://www.kb.cert.org/vuls/id/978508

http://www-01.ibm.com/support/docview.wss?uid=swg21676786

http://www.ibm.com/support/docview.wss?uid=isg3T1020948

http://secunia.com/advisories/60567

http://secunia.com/advisories/59529

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

http://secunia.com/advisories/59126

http://seclists.org/fulldisclosure/2014/Dec/23

http://secunia.com/advisories/59589

http://rhn.redhat.com/errata/RHSA-2014-0630.html

Do you need more information?

CVSS v4

Base Score:

9.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

Exploit Maturity

POC

CVSS v3

Base Score:

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Exploit Maturity

FUNCTIONAL

CVSS v2

Base Score:

5.8

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

Weakness Type (CWE)

Inadequate Encryption Strength

EPSS

Base Score:

93.18