An attacker can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.

nessus 59

ibm 56

openvas 24

threatpost 3

mariadbunix 1

metasploit 2

hp 1

amazon 2

nodejsblog 1

cert 1

centos 2

arista 1

checkpoint_advisories 1

checkpoint_security 1

oraclelinux 4

redhat 7

f5 2

veracode 2

prion 1

debiancve 1

thn 1

jvn 1

hackerone 1

kaspersky 1

cve 1

paloalto 1

ubuntucve 1

altlinux 4

kitploit 2

osv 1

seebug 1

debian 3

suse 4

chrome 1

nmap 1

vmware 1

ubuntu 1

freebsd_advisory 1

nessus

CentOS 5 : openssl (CESA-2014:0624)

2014-06-06 00:00:00

IBM Tivoli Endpoint Manager Server 9.1.x < 9.1.1117.0 OpenSSL Security Bypass

2014-11-19 00:00:00

Solaris 10 (sparc) : 150383-19 (deprecated)

2013-06-05 00:00:00

ibm

Security Bulletin: IBM Sterling Connect:Enterprise for UNIX affected by the following OpenSSL vulnerability (CVE-2014-0224).

2019-12-18 01:14:08

Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot (also known as pDSA) is affected by the following OpenSSL vulnerability: CVE-2014-0224

2019-01-31 01:25:01

Security Bulletin: IBM Tivoli Common Reporting (TCR) interim fixes address Security Vulnerability and Exposure CVE-2014-0224

2019-12-19 15:42:02

openvas

CentOS Update for openssl097a CESA-2014:0626 centos5

2014-06-09 00:00:00

Amazon Linux: Security Advisory (ALAS-2014-351)

2015-09-08 00:00:00

HP Onboard Administrator < 4.22 Information Disclosure Vulnerability

2014-07-04 00:00:00

threatpost

New OpenSSL MITM Flaw Affects All Clients, Some Server Versions

2014-06-05 09:30:06

SSL Pulse Scans Quantify Vulnerable OpenSSL Servers

2014-06-13 14:05:55

VMware Patches ESXi Against OpenSSL Flaw, But Many Other Products Still Vulnerable

2014-06-12 09:38:56

mariadbunix

CVE-2014-0224

2014-06-05 21:55:07

metasploit

OpenSSL Server-Side ChangeCipherSpec Injection Scanner

2014-06-09 22:38:11

SSL Labs API Client

2015-03-27 11:34:11

HPSBPI03107 rev.3 - Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access

2014-09-18 00:00:00

amazon

Important: openssl097a

2014-06-05 15:38:00

Important: openssl098e

2014-06-05 15:38:00

nodejsblog

OpenSSL and Breaking UTF-8 Change (fixed in Node v0.8.27 and v0.10.29)

2014-06-16 00:00:00

cert

OpenSSL is vulnerable to a man-in-the-middle attack

2014-06-05 00:00:00

centos

openssl security update

2014-06-06 01:40:21

openssl097a, openssl098e security update

2014-06-05 13:21:51

arista

Security Advisory 0005

2014-06-09 00:00:00

checkpoint_advisories

OpenSSL TLS Man-In-The-Middle Security Bypass (CVE-2014-0224)

2014-06-09 00:00:00

checkpoint_security

SSL/TLS MITM vulnerability (CVE-2014-0224)

2014-06-05 21:00:00

oraclelinux

openssl security update

2014-06-05 00:00:00

openssl098e security update

2014-07-23 00:00:00

openssl security update

2014-06-11 00:00:00

redhat

(RHSA-2014:0627) Important: openssl security update

2014-06-05 00:00:00

(RHSA-2014:0624) Important: openssl security update

2014-06-05 00:00:00

(RHSA-2014:0630) Important: Red Hat JBoss Enterprise Application Platform 5.2.0 security update

2014-06-05 14:48:54

K15325 : OpenSSL vulnerability CVE-2014-0224

2015-10-15 00:00:00

SOL15325 - OpenSSL vulnerability CVE-2014-0224

2014-06-05 00:00:00

veracode

Man-in-the-Middle (MitM)

2017-02-07 02:08:35

Man-in-the-Middle (MitM)

2019-01-15 08:52:44

prion

Design/Logic Flaw

2014-06-05 21:55:00

debiancve

CVE-2014-0224

2014-06-05 21:55:00

thn

Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw

2014-06-26 21:22:00

jvn

JVN#61247051: OpenSSL improper handling of Change Cipher Spec message

2014-06-06 00:00:00

hackerone

Whisper: CVE-2014-0224 openssl ccs vulnerability

2015-03-11 04:42:02

kaspersky

KLA10266 OSI vulnerability in MySQL Workbench

2014-06-27 00:00:00

cve

CVE-2014-0224

2014-06-05 21:55:00

paloalto

OpenSSL Man-in-the-middle vulnerability

2014-06-09 07:00:00

ubuntucve

CVE-2014-0224

2014-06-05 00:00:00

altlinux

Security fix for the ALT Linux 7 package openssl10 version 1.0.1h-alt1

2014-06-05 00:00:00

Security fix for the ALT Linux 9 package openssl10 version 1.0.1h-alt1

2014-06-05 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 1.0.1h-alt1

2014-06-05 00:00:00

kitploit

yawast - The YAWAST Antecedent Web Application Security Toolkit

2016-10-16 14:12:00

MassBleed - Mass SSL Vulnerability Scanner

2015-12-09 20:20:00

osv

openssl - security update

2014-06-20 00:00:00

seebug

OpenSSL SSL/TLS MITM Vulnerability (CVE-2014-0224)

2016-12-20 00:00:00

debian

openssl security update

2014-06-20 16:35:50

openssl security update

2014-06-20 16:35:33

[SECURITY] [DSA 2950-2] openssl update

2014-06-16 18:21:12

suse

Security update for OpenSSL (critical)

2014-06-07 00:04:15

Security update for OpenSSL (critical)

2014-06-07 01:04:17

Security update for OpenSSL (critical)

2014-06-06 00:04:19

chrome

Stable Channel Update for Chrome OS

2014-06-10 00:00:00

nmap

ssl-ccs-injection NSE Script

2014-06-11 13:43:28

vmware

VMware product updates address OpenSSL security vulnerabilities

2014-06-10 00:00:00

ubuntu

OpenSSL regression

2014-06-23 00:00:00

freebsd_advisory

FreeBSD-SA-14:14.openssl

2014-06-05 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

7.8 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.974 High

EPSS

Percentile

99.9%

JSON

Related for OPENSSL:CVE-2014-0224