OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the “CCS Injection” vulnerability.

threatpost 3

nessus 59

ibm 54

arista 1

centos 2

cert 1

amazon 2

nodejsblog 1

openvas 26

checkpoint_advisories 1

checkpoint_security 1

redhat 7

oraclelinux 4

prion 1

f5 2

debiancve 1

veracode 2

kaspersky 1

metasploit 2

openssl 1

paloalto 1

cve 1

ubuntucve 1

mariadbunix 1

hp 1

thn 1

jvn 1

altlinux 4

kitploit 2

suse 4

debian 3

chrome 1

seebug 1

osv 1

nmap 1

vmware 1

ics 1

freebsd 1

threatpost

SSL Pulse Scans Quantify Vulnerable OpenSSL Servers

2014-06-13 14:05:55

VMware Patches ESXi Against OpenSSL Flaw, But Many Other Products Still Vulnerable

2014-06-12 09:38:56

New OpenSSL MITM Flaw Affects All Clients, Some Server Versions

2014-06-05 09:30:06

nessus

Blue Coat ProxySG 4.x OpenSSL Security Bypass

2014-06-20 00:00:00

Blue Coat ProxySG 6.2.x OpenSSL Security Bypass

2014-06-20 00:00:00

RHEL 4 / 5 / 6 : openssl (RHSA-2014:0627)

2014-11-08 00:00:00

ibm

Security Bulletin: IBM System Networking RackSwitch G8264CS and IBM Flex System Interconnect Fabric are affected by the following OpenSSL vulnerability: CVE-2014-0224

2019-01-31 01:20:02

Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected by the following OpenSSL vulnerabilities: CVE-2014-0224

2020-07-24 22:19:08

Security Bulletin: IBM Cognos BI Server is affected by the following OpenSSL vulnerability: CVE-2014-0224

2018-06-15 23:13:32

arista

Security Advisory 0005

2014-06-09 00:00:00

centos

openssl security update

2014-06-06 01:40:21

openssl097a, openssl098e security update

2014-06-05 13:21:51

cert

OpenSSL is vulnerable to a man-in-the-middle attack

2014-06-05 00:00:00

amazon

Important: openssl098e

2014-06-05 15:38:00

Important: openssl097a

2014-06-05 15:38:00

nodejsblog

OpenSSL and Breaking UTF-8 Change (fixed in Node v0.8.27 and v0.10.29)

2014-06-16 00:00:00

openvas

Oracle: Security Advisory (ELSA-2014-0624)

2015-10-06 00:00:00

CentOS Update for openssl098e CESA-2014:0626 centos6

2014-06-09 00:00:00

RedHat Update for openssl098e RHSA-2014:0680-01

2014-07-04 00:00:00

checkpoint_advisories

OpenSSL TLS Man-In-The-Middle Security Bypass (CVE-2014-0224)

2014-06-09 00:00:00

checkpoint_security

SSL/TLS MITM vulnerability (CVE-2014-0224)

2014-06-05 21:00:00

redhat

(RHSA-2014:0624) Important: openssl security update

2014-06-05 00:00:00

(RHSA-2014:0627) Important: openssl security update

2014-06-05 00:00:00

(RHSA-2014:0630) Important: Red Hat JBoss Enterprise Application Platform 5.2.0 security update

2014-06-05 14:48:54

oraclelinux

openssl098e security update

2014-07-23 00:00:00

openssl security update

2014-06-11 00:00:00

openssl security update

2014-06-05 00:00:00

prion

Design/Logic Flaw

2014-06-05 21:55:00

SOL15325 - OpenSSL vulnerability CVE-2014-0224

2014-06-05 00:00:00

K15325 : OpenSSL vulnerability CVE-2014-0224

2015-10-15 00:00:00

debiancve

CVE-2014-0224

2014-06-05 21:55:00

veracode

Man-in-the-Middle (MitM)

2017-02-07 02:08:35

Man-in-the-Middle (MitM)

2019-01-15 08:52:44

kaspersky

KLA10266 OSI vulnerability in MySQL Workbench

2014-06-27 00:00:00

metasploit

SSL Labs API Client

2015-03-27 11:34:11

OpenSSL Server-Side ChangeCipherSpec Injection Scanner

2014-06-09 22:38:11

openssl

Vulnerability in OpenSSL CVE-2014-0224

2014-06-05 00:00:00

paloalto

OpenSSL Man-in-the-middle vulnerability

2014-06-09 07:00:00

cve

CVE-2014-0224

2014-06-05 21:55:00

ubuntucve

CVE-2014-0224

2014-06-05 00:00:00

mariadbunix

CVE-2014-0224

2014-06-05 21:55:07

HPSBPI03107 rev.3 - Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access

2014-09-18 00:00:00

thn

Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw

2014-06-26 21:22:00

jvn

JVN#61247051: OpenSSL improper handling of Change Cipher Spec message

2014-06-06 00:00:00

altlinux

Security fix for the ALT Linux 7 package openssl10 version 1.0.1h-alt1

2014-06-05 00:00:00

Security fix for the ALT Linux 9 package openssl10 version 1.0.1h-alt1

2014-06-05 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 1.0.1h-alt1

2014-06-05 00:00:00

kitploit

yawast - The YAWAST Antecedent Web Application Security Toolkit

2016-10-16 14:12:00

MassBleed - Mass SSL Vulnerability Scanner

2015-12-09 20:20:00

suse

Security update for OpenSSL (critical)

2014-06-07 00:04:15

Security update for OpenSSL (critical)

2014-06-06 00:04:19

Security update for OpenSSL (critical)

2014-06-07 01:04:17

debian

openssl security update

2014-06-20 16:35:33

openssl security update

2014-06-20 16:35:50

[SECURITY] [DSA 2950-2] openssl update

2014-06-16 18:21:12

chrome

Stable Channel Update for Chrome OS

2014-06-10 00:00:00

seebug

OpenSSL SSL/TLS MITM Vulnerability (CVE-2014-0224)

2016-12-20 00:00:00

osv

openssl - security update

2014-06-20 00:00:00

nmap

ssl-ccs-injection NSE Script

2014-06-11 13:43:28

vmware

VMware product updates address OpenSSL security vulnerabilities

2014-06-10 00:00:00

ics

Siemens OpenSSL Vulnerabilities (Update G)

2018-08-29 12:00:00

freebsd

OpenSSL -- multiple vulnerabilities

2014-06-05 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.974 High

EPSS

Percentile

99.9%

JSON

Related for H1:50885