This update updates the upstream fix for CVE-2014-0224 to address
problems with renegotiation under some conditions.

original text:
KIKUCHI Masashi discovered that carefully crafted handshakes can
force the use of weak keys, resulting in potential man-in-the-middle
attacks.

CVE-2012-4929

ZLIB compression is now disabled by default.  If you need
to re-enable it for some reason, you can set the environment
variable OPENSSL_NO_DEFAULT_ZLIB.

It's important that you upgrade the libssl0.9.8 package and not
just the openssl package.

All applications linked to openssl need to be restarted. You can
use the tool checkrestart from the package debian-goodies to
detect affected programs or reboot your system.

Kurt

osv 4

openvas 33

debian 5

nessus 48

ubuntu 3

prion 3

cve 3

threatpost 4

f5 6

jvn 2

ibm 43

veracode 3

debiancve 2

ubuntucve 3

nodejsblog 1

arista 1

cert 2

amazon 2

centos 2

mariadbunix 1

hp 1

metasploit 2

hackerone 1

redhat 7

kaspersky 1

openssl 1

paloalto 1

checkpoint_advisories 1

checkpoint_security 2

oraclelinux 4

thn 1

fedora 1

securityvulns 2

kitploit 2

altlinux 1

osv

openssl - security update

2014-06-20 00:00:00

nginx - information leak

2013-02-17 00:00:00

lighttpd - several issues

2013-02-17 00:00:00

openvas

Debian: Security Advisory (DLA-0008-1)

2023-03-08 00:00:00

Ubuntu Update for openssl USN-1898-1

2013-07-05 00:00:00

Debian Security Advisory DSA 2627-1 (nginx - information leak)

2013-02-17 00:00:00

debian

openssl security update

2014-06-20 16:35:33

[SECURITY] [DSA 2627-1] nginx security update

2013-02-17 11:14:31

[SECURITY] [DSA 2579-1] apache2 security update

2012-11-30 13:22:52

nessus

F5 Networks BIG-IP : CRIME vulnerability via TLS 1.2 protocol (K14054)

2014-10-10 00:00:00

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : openssl vulnerability (USN-1898-1)

2013-07-05 00:00:00

openSUSE Security Update : libqt4 (openSUSE-SU-2012:1420-1)

2014-06-13 00:00:00

ubuntu

Qt vulnerability

2012-11-08 00:00:00

OpenSSL vulnerability

2013-07-04 00:00:00

Apache HTTP Server vulnerabilities

2012-11-08 00:00:00

prion

Design/Logic Flaw

2012-09-15 18:55:00

Design/Logic Flaw

2014-06-05 21:55:00

Design/Logic Flaw

2020-02-21 18:15:00

cve

CVE-2012-4929

2012-09-15 18:55:00

CVE-2014-0224

2014-06-05 21:55:00

CVE-2013-3587

2020-02-21 18:15:00

threatpost

Apple Patches Mass of Security Bugs in OS X and Safari

2013-06-05 09:51:54

SSL Pulse Scans Quantify Vulnerable OpenSSL Servers

2014-06-13 14:05:55

New OpenSSL MITM Flaw Affects All Clients, Some Server Versions

2014-06-05 09:30:06

SOL14054 - CRIME vulnerability via TLS 1.2 protocol CVE-2012-4929

2012-12-05 00:00:00

K14054 : CRIME vulnerability via TLS 1.2 protocol CVE-2012-4929

2013-09-09 00:00:00

SOL15325 - OpenSSL vulnerability CVE-2014-0224

2014-06-05 00:00:00

jvn

JVN#65273415: Android OS issue where it is affected by the CRIME attack

2016-07-22 00:00:00

JVN#61247051: OpenSSL improper handling of Change Cipher Spec message

2014-06-06 00:00:00

ibm

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSSL (CVE-2012-4929)

2020-03-03 19:02:20

Security Bulletin: IBM System Networking RackSwitch G8264CS and IBM Flex System Interconnect Fabric are affected by the following OpenSSL vulnerability: CVE-2014-0224

2019-01-31 01:20:02

Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected by the following OpenSSL vulnerabilities: CVE-2014-0224

2020-07-24 22:19:08

veracode

Information Leakage

2019-01-15 08:58:53

Man-in-the-Middle (MitM)

2019-01-15 08:52:44

Man-in-the-Middle (MitM)

2017-02-07 02:08:35

debiancve

CVE-2012-4929

2012-09-15 18:55:00

CVE-2014-0224

2014-06-05 21:55:00

ubuntucve

CVE-2012-4929

2012-09-15 00:00:00

CVE-2014-0224

2014-06-05 00:00:00

CVE-2013-3587

2020-02-21 00:00:00

nodejsblog

OpenSSL and Breaking UTF-8 Change (fixed in Node v0.8.27 and v0.10.29)

2014-06-16 00:00:00

arista

Security Advisory 0005

2014-06-09 00:00:00

cert

OpenSSL is vulnerable to a man-in-the-middle attack

2014-06-05 00:00:00

BREACH vulnerability in compressed HTTPS

2013-08-02 00:00:00

amazon

Important: openssl098e

2014-06-05 15:38:00

Important: openssl097a

2014-06-05 15:38:00

centos

openssl security update

2014-06-06 01:40:21

openssl097a, openssl098e security update

2014-06-05 13:21:51

mariadbunix

CVE-2014-0224

2014-06-05 21:55:07

HPSBPI03107 rev.3 - Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access

2014-09-18 00:00:00

metasploit

OpenSSL Server-Side ChangeCipherSpec Injection Scanner

2014-06-09 22:38:11

SSL Labs API Client

2015-03-27 11:34:11

hackerone

Whisper: CVE-2014-0224 openssl ccs vulnerability

2015-03-11 04:42:02

redhat

(RHSA-2014:0632) Important: Red Hat JBoss Web Server 2.0.1 openssl security update

2014-06-05 14:49:28

(RHSA-2014:0680) Important: openssl098e security update

2014-06-10 00:00:00

(RHSA-2014:0631) Important: Red Hat JBoss Enterprise Application Platform 6.2.3 security update

2014-06-05 15:19:06

kaspersky

KLA10266 OSI vulnerability in MySQL Workbench

2014-06-27 00:00:00

openssl

Vulnerability in OpenSSL CVE-2014-0224

2014-06-05 00:00:00

paloalto

OpenSSL Man-in-the-middle vulnerability

2014-06-09 07:00:00

checkpoint_advisories

OpenSSL TLS Man-In-The-Middle Security Bypass (CVE-2014-0224)

2014-06-09 00:00:00

checkpoint_security

SSL/TLS MITM vulnerability (CVE-2014-0224)

2014-06-05 21:00:00

Check Point response to CVE-2012-4929, CVE-2012-4930 aka CRIME attack

2012-10-20 22:00:00

oraclelinux

openssl098e security update

2014-07-23 00:00:00

openssl security update

2014-06-11 00:00:00

openssl security update

2014-06-05 00:00:00

thn

Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw

2014-06-26 21:22:00

fedora

[SECURITY] Fedora 18 Update: mingw-openssl-1.0.1e-1.fc18

2013-04-03 04:51:11

securityvulns

[SECURITY] [DSA 2579-1] apache2 security update

2012-12-02 00:00:00

Apache security vulnerabilities

2012-12-02 00:00:00

kitploit

Sitadel - Web Application Security Scanner

2019-01-14 12:13:00

yawast - The YAWAST Antecedent Web Application Security Toolkit

2016-10-16 14:12:00

altlinux

Security fix for the ALT Linux 7 package openssl10 version 1.0.1h-alt1

2014-06-05 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.974 High

EPSS

Percentile

99.9%

JSON

Related for DEBIAN:SSL-:00C17