Lucene search
K

36 matches found

RedHat Linux
RedHat Linux
added 2015/02/24 1:44 p.m.12 views

OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...

4CVSS6.7AI score0.67234EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2015/02/24 1:20 p.m.6 views

OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...

4CVSS6.7AI score0.67234EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2015/02/05 7:35 p.m.4 views

OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...

4CVSS6.7AI score0.67234EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2015/02/05 7:34 p.m.5 views

OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...

4CVSS6.7AI score0.67234EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2015/02/05 7:29 p.m.3 views

OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...

4CVSS6.7AI score0.67234EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2015/01/26 6:10 p.m.5 views

OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...

4CVSS6.7AI score0.67234EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2015/01/22 9:24 p.m.6 views

OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...

4CVSS6.7AI score0.67234EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2015/01/21 9:45 p.m.22 views

OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...

4CVSS6.7AI score0.67234EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2015/01/21 9:38 p.m.7 views

OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...

4CVSS6.7AI score0.67234EPSS
Exploits5References5
RedHat Linux
RedHat Linux
added 2015/01/20 10:38 p.m.6 views

OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...

4CVSS6.7AI score0.67234EPSS
Exploits5References5
Metasploit
Metasploit
added 2014/06/09 10:38 p.m.133 views

OpenSSL Server-Side ChangeCipherSpec Injection Scanner

This module checks for the OpenSSL ChangeCipherSpec CCS Injection vulnerability. The problem exists in the handling of early CCS messages during session negotiation. Vulnerable installations of OpenSSL accepts them, while later implementations do not. If successful, an attacker can leverage this...

7.4CVSS8.1AI score0.95326EPSS
Exploits9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/06/06 4:48 a.m.2 views

OpenSSL improper handling of Change Cipher Spec message

Overview OpenSSL improperly handles Change Cipher Spec message in the initial SSL/TLS handshake. OpenSSL contains a flaw in the implementation of the Change Cipher Spec protocol that allows a MITM man-in-the-middle attacker to force a server and a client to use easily guessable cryptgraphic key...

7.4CVSS9.2AI score0.95326EPSS
Exploits9References114
OSV
OSV
added 2014/06/05 9:55 p.m.1 views

DEBIAN-CVE-2014-0224

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessio...

7.4CVSS8.6AI score0.95326EPSS
Exploits9References1
OSV
OSV
added 2014/06/05 12:0 p.m.5 views

UBUNTU-CVE-2014-0224

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessio...

7.4CVSS6.7AI score0.95326EPSS
Exploits9References4
RedHat Linux
RedHat Linux
added 2004/03/17 5:20 p.m.6 views

security flaw

The dochangecipherspec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service crash via a crafted SSL/TLS handshake that triggers a null dereference...

7.5CVSS7.4AI score0.09537EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2004/03/17 12:0 a.m.4 views

PT-2004-1028 · Openssl +1 · Openssl +1

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 0.9.6c through 0.9.6k OpenSSL versions 0.9.7a through 0.9.7c Description: The issue is related to a flaw in the do change cipher spec function that allows remote attackers to cause a denial of service via a crafted SSL/TLS...

10CVSS7.6AI score0.09537EPSS
Exploits0References79
Rows per page
Query Builder