Lucene search

[email protected]NVD:CVE-2014-1491

HistoryFeb 06, 2014 - 5:44 a.m.

CVE-2014-1491

2014-02-0605:44:25

CWE-326

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

9.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.0%

JSON

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.

Affected configurations

NVD

Node

mozillafirefoxRange<27.0

mozillafirefox_esrRange<24.3

mozillanetwork_security_servicesRange<3.15.4

mozillaseamonkeyRange<2.24

mozillathunderbirdRange<24.3.0

Node

oracleenterprise_manager_ops_centerRange<12.1.4

oracleenterprise_manager_ops_centerMatch12.2.0

oracleenterprise_manager_ops_centerMatch12.2.1

oracleenterprise_manager_ops_centerMatch12.3.0

oraclevm_serverMatch3.2x86

Node

fedoraprojectfedoraMatch19

fedoraprojectfedoraMatch20

Node

opensuseopensuseMatch11.4

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

suselinux_enterprise_desktopMatch11sp3

suselinux_enterprise_serverMatch11sp3

suselinux_enterprise_serverMatch11sp3vmware

suselinux_enterprise_software_development_kitMatch11sp3

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.10

References

hg.mozilla.org/projects/nss/rev/12c42006aed8

kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html

lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html

lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html

lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html

lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html

seclists.org/fulldisclosure/2014/Dec/23

secunia.com/advisories/56858

secunia.com/advisories/56888

secunia.com/advisories/56922

www.debian.org/security/2014/dsa-2858

www.debian.org/security/2014/dsa-2994

www.mozilla.org/security/announce/2014/mfsa2014-12.html

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/archive/1/534161/100/0/threaded

www.securityfocus.com/bid/65332

www.securitytracker.com/id/1029717

www.securitytracker.com/id/1029720

www.securitytracker.com/id/1029721

www.ubuntu.com/usn/USN-2102-1

www.ubuntu.com/usn/USN-2102-2

www.ubuntu.com/usn/USN-2119-1

www.vmware.com/security/advisories/VMSA-2014-0012.html

bugzilla.mozilla.org/show_bug.cgi?id=934545

exchange.xforce.ibmcloud.com/vulnerabilities/90886

security.gentoo.org/glsa/201504-01

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

9.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.0%

JSON

Related for NVD:CVE-2014-1491

intothesymmetry1 debiancve1 cvelist1 prion1 ubuntucve1 cve1 openvas39 mozilla1 osv2 nessus38 debian3 redhat3 oraclelinux2 centos2 veracode1 f52 ibm4 ubuntu3 suse6 freebsd1 securityvulns1 oracle4 gentoo1