Lucene search
K

4 matches found

Nmap
Nmap
added 2014/06/11 1:43 p.m.1727 views

ssl-ccs-injection NSE Script

Detects whether a server is vulnerable to the SSL/TLS "CCS Injection" vulnerability CVE-2014-0224, first discovered by Masashi Kikuchi. The script is based on the ccsinjection.c code authored by Ramon de C Valle In order to exploit the vulnerablity, a MITM attacker would effectively do the...

10CVSS9.6AI score0.99448EPSS
Exploits42
OSV
OSV
added 2014/06/05 9:55 p.m.7 views

CVE-2014-0224

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessio...

7.4CVSS7.3AI score0.95326EPSS
Exploits9References310
Prion
Prion
added 2014/06/05 9:55 p.m.38 views

Design/Logic Flaw

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessio...

5.8CVSS6.8AI score0.95326EPSS
Exploits9References303Affected Software16
OSV
OSV
added 2014/06/05 12:0 p.m.4 views

UBUNTU-CVE-2014-0224

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessio...

7.4CVSS6.7AI score0.95326EPSS
Exploits9References4
Rows per page
Query Builder